Corrupted NPM libs - Faker and Colors - the dark side of Open Source

Video Link: https://www.youtube.com/watch?v=8kjvbSuuxcw



Duration: 5:48


The last few days were very stressful for many developers. Out of nowhere, right after deployment, their applications stopped working. The reason was frightening: two very popular JavaScript libraries included via NPM had stopped working. colors.js was printing gibberish to the console. faker.js had disappeared and was clearly corrupted! Hackers? A mistake? No. A frustrated open-source developer did it on purpose.
In this video you will learn the background story and, more importantly, how to protect your applications from being injected with corrupted libraries!

All about MIT license https://youtu.be/1m4RRnu7sY4
NPM colors library https://www.npmjs.com/package/colors
NPM faker library https://www.npmjs.com/package/faker


0:00 Intro
0:16 What exactly happened to faker and colors NPM libs
2:23 Did the developer have a right to do it?
2:50 What MIT license says about that
4:12 How to protect your application
5:42 Outro

Visit my primary channel https://www.youtube.com/user/dzikuvx
Facebook https://www.facebook.com/quadmeup
Discord server https://quadmeup.com/discord
My website https://quadmeup.com/
Instagram https://www.instagram.com/dzikuvx/






