Supply Chain Incident

colors and faker npm protestware releases

The maintainer of colors and faker published intentionally disruptive releases that broke downstream consumers and demonstrated maintainer-driven supply-chain risk.

ConfidenceHigh

Evidence LevelPrimary

Attack StagePackage Publish

Source Artifact DivergenceNo

Affected Packages

colors
faker

Affected Releases

No structured records.

Repositories

Marak/colors.js

Organizations

No structured records.

Maintainers

Marak Squires

Threat Actors

No structured records.

Campaigns

No structured records.

Build Systems

No structured records.

Distribution Channels

npm registry

Compromised Accounts

No structured records.

Connected Entities

colors Package
faker Package
Marak Squires Maintainer
Marak/colors.js Repository
npm registry Distribution Channel

References

colors.js issue discussion after disruptive release GitHub · 2022-01-09