Tagged articles
2 articles
Programmer DD
Jan 15, 2022 · Information Security

Why Did a Developer Sabotage Popular npm Packages Colors and Faker?

A wave of developers discovered their applications spewing garbled output after a malicious update to the widely used npm libraries colors and faker, revealing a deliberate sabotage by maintainer Marak Squires that sparked heated debate over open‑source ethics, corporate exploitation, and security responsibilities.

Faker · Security · colors
21CTO
Nov 27, 2018 · Information Security

event-stream NPM Trojan: How a Bitcoin‑Mining Backdoor Sneaked In

The article explains how the popular Node.js package event-stream was transferred to a new maintainer who injected a malicious flatmap-stream module that steals Bitcoin, outlines the timeline of the supply‑chain attack, and provides steps for developers to detect and remediate the infection.

Event Stream · Security · malware