In the wake of a recent incident that wreaked havoc on the NPM package registry, a new group of maintainers is reestablishing the Faker project, making it a community effort. The previous maintainer had sabotaged the Faker NPM package with malicious code, impacting more than 2,500 other NPM packages that depend on it.
On January 4, the previous maintainer committed malicious code to the Faker and colors libraries, causing an infinite loop that impacted thousands of projects. In response, GitHub, which oversees NPM, removed the malicious Faker and colors packages and suspended the user account in accordance with NPM's malware policy. A security advisory pertaining to colors was also published.
Faker was first implemented in Perl in 2004. In a January 14 bulletin, the new maintainers announced a plan to improve Faker and released a version 6.x alpha. Items on the roadmap include:
- ESM (ECMAScript modules) support
- Improved testing infrastructure
- Typegen docs
- Engaging with existing maintainers of the Faker ecosystem
- Providing an interactive playground within the docs
- Node.js 18 compatibility
Copyright © 2022 IDG Communications, Inc.