Last week, the maintainer of two massively popular npm libraries sabotaged ‘colors’ and pulled his code from ‘faker’, breaking thousands of projects that rely on these libraries. ‘Colors’ alone has over 19,000 dependents on npm and has been downloaded over 3.4 billion times as of today. And ‘faker’ has been retrieved 272 million times from the npm repository, with over 2,500 dependents.
The Faker ‘Endgame’
In the change made to ‘faker’ version 6.6.6, the library’s maintainer Marak Squires added a commit titled “Endgame,” referencing the late programmer Aaron Swartz who died by suicide.

Screenshot of the faker commit
Similarly, the npm homepage of the package was also altered with the same message by the maintainer:

Screenshot of the faker npm homepage
Faker, meet faker!
For all the world could understand, ‘faker’ was abandoned by Squires, who had previously written about the challenges associated with monetizing open source projects.
In the blog post available on archive.org, the developer described how he had planned on offering a ‘Faker Cloud’ subscription-based service to fund the project, but that the effort didn’t reach fruition.

Screenshot of the former Faker Cloud homepage
Despite having been abandoned by Squires, it seems ‘faker’ is here to stay. Just a few days after the colors and faker sabotage incident, I got a message from an open source developer and now one of the maintainers of the ‘faker’ project, Jessica Sachs.
It seems the functional versions of the popular ‘faker’ library have been forked and are being maintained by a new team at fakerjs.dev. The GitHub repo associated with this forked project is called faker-js/faker, whereas a new scoped project has also been released on npm: undefined (https://www.npmjs.