I am a Github account developer who corrupted his own libraries. I take full responsibility for my actions and I sincerely apologize to the community. I will be taking a leave of absence from development while I work on getting help for my personal issues. Thank you for your understanding.
When all this happened, a number of projects were affected, and everybody started criticizing both the developer and GitHub. They criticized the developer because he added malicious code, which you should not do in an online community, because you're here to help others without charging anything.
On the other hand, people also criticized GitHub: the projects are open source, so how can it block or suspend someone when a developer is changing his own code?
So what's the whole story? Let's get into it and see what actually happened when a GitHub account developer corrupted his own libraries with bad intentions!
Github account developer who corrupted his own libraries – What happened?
Two open-source projects caused concern earlier this week to the companies and individuals who rely on them: “faker.js” and “colors.js”, both originally created and maintained by Marak Squires. The first receives 2.8m weekly downloads and supports 2500 projects, while the second is downloaded 20,000,000 times per week and supports 19,000 projects.
Colors.js allows you to add colored text to console output. Paul Ducklin writes on the Naked Security Blog:
After not publishing any updates for the past year, Marak Squires, the founder of the project, suddenly added new code. This changed the release number to 1.4.0 and gave rise to the rather unusual version identifier 1.4.4-liberty-2.
The “American flag” module repeated “Liberty” with an ASCII flag. It also introduced two unwanted features: an infinite loop that prints text testing testing… testing again.
A new function, called zalgo, was added to the update. It performs zalgoification. This is a method of making regular characters look strange by adding diacritical marks like accents, cedillas, and umlauts. Zalgoed text not only has no meaning, but it also places a lot of strain on the text rendering software that must display it.
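As an added example (not code from colors.js or from the quoted article), here is one way to detect and defuse zalgo text before it reaches a terminal or log viewer. The threshold `MAX_MARKS` and the function names are assumptions made for this sketch.

```javascript
// Added example: flag and trim "zalgo" text, i.e. base characters
// carrying long stacks of combining diacritical marks.
// MAX_MARKS is an assumed threshold; scripts that legitimately stack
// several marks may need a higher value.
const MAX_MARKS = 2;

// Longest run of consecutive combining marks (Unicode category M).
// NFD first, so precomposed letters such as U+00E9 count as base + 1 mark.
function longestMarkRun(text) {
  let longest = 0;
  for (const run of text.normalize('NFD').match(/\p{M}+/gu) || []) {
    longest = Math.max(longest, [...run].length);
  }
  return longest;
}

// True when any character carries more marks than the threshold allows.
function isZalgo(text, maxMarks = MAX_MARKS) {
  return longestMarkRun(text) > maxMarks;
}

// Keep at most maxMarks marks per base character, then recompose (NFC)
// so ordinary accented text comes back unchanged.
function stripZalgo(text, maxMarks = MAX_MARKS) {
  return text
    .normalize('NFD')
    .replace(/\p{M}+/gu, (run) => [...run].slice(0, maxMarks).join(''))
    .normalize('NFC');
}

// Constructed samples: ordinary accented text and a zalgo-style string.
const plainSample = 'caf\u00e9 na\u00efve';
const zalgoSample =
  't\u0300\u0301\u0302\u0303\u0304' + 'est\u0316\u0317\u0318\u0319';

console.log(isZalgo(plainSample), isZalgo(zalgoSample));
console.log(JSON.stringify(stripZalgo(zalgoSample)));
```
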
Faker.js creates dummy data for testing, and Squires decided to remove it. Squires had expressed dissatisfaction with its repo over a year before.
Although this message may suggest a pecuniary motive for removing the code, which was done using the commit message “endgame”, Squires then replaced the README text with the question, “What really went wrong with Aaron Swartz?” As we reported in 2013, this is a reference to the Internet activist who apparently committed suicide as he was facing a trial for stealing 4.8 million articles from the JSTOR journal archive via the MIT network. He believed they should not be behind a paywall, and his aim was to make them available online free of charge. Squires has been known to subscribe to the theory that Swartz might have been murdered in prison.
Github account developer who corrupted his own libraries – Restored
After a massive outcry from the open source community, the Github account of a well-known developer who deliberately corrupted his own libraries has been restored.
The developer had gained notoriety for corrupting popular libraries such as Lodash and React Router, and for adding malicious code to other people’s projects.
In response to the outcry, GitHub decided to restore the account, saying that “the company does not condone malicious activity.”
So for now, GitHub reverted both repos to the npm registry.
“GitHub is committed to ensuring the security and health of the npm registry. We have removed malicious packages and suspended the account (temporarily blocked) of the user in accordance with npm’s acceptable usage policy regarding malware.”
Is GitHub's decision to suspend the developer's account fair?
Any suspension seems unreasonable if you consider that the code in the repos belongs to its originator/maintainer. It is open source, meaning you can fork and contribute to it. But does that mean that GitHub cannot deny you the right to modify or destroy your code?
These decisions lack the “due process”. Is there a right to appeal? GitHub acts as judge, jury and executioner in these cases. While you may agree with its current actions, what happens when it does something wrong?
In my opinion, GitHub did a good job by suspending the developer's account, because this is a community to help others (not to destroy). You joined this network to help others for free, without any bad intention. So if millions of users, including organizations, are using your code, then you should accept the truth that the organizations can make a good amount of profit by integrating your code in their big projects!
Nobody is denying your contribution, but destroying or harming someone’s project at this level is not acceptable. So if your intention is wrong, then better not to join the community.