A hot potato: Open-source software (OSS) comes in a variety of flavors. Some are massive projects developed and maintained by thousands of volunteers. Others are smaller programs that might only be supported and worked on by a single developer sharing to GitHub. Because OSS is sometimes freely used by large corporations, there is a bit of controversy over whether these companies should contribute to the community monetarily.

It appears that an open-source developer has intentionally fried two widely used javascript libraries. The commits to faker.js and colors.js caused programs using them to get stuck in an infinite loop.

Developers use the faker library to generate fake contextual data for testing or demos, while colors adds color to javascript consoles. Thousands of programs use these public packages, with faker seeing around 2.5 million weekly downloads and another 22.4 million per week for colors.

Marak Squires, the developer of the two libraries, uploaded version 6.6.6 of faker to GitHub and the NPM registry earlier last week. Colors "v1.4.44-liberty-2" was committed on Saturday. Both updates cause the same behavior. When called, "Liberty Liberty Liberty" outputs on the first three lines followed by a string of Zalgo text representing an American flag. Colors has since been fixed, but faker remains on version 6.6.6. Developers using faker should switch back to the last valid version (5.5.3).

Squires's reasoning for sabotaging the libraries is unclear. Some suggest that because of the "liberty" theme and a seemingly sarcastic GitHub issue report, Squires may be trying to grab attention for the plight of unthanked open-source developers.

Back in November, in a comment thread on his faker.js GitHub page titled, "No more free work from Marak - Pay Me or Fork This," Squires said he was going to quit freely supporting "Fortune 500" companies that, in his mind, steal his work without compensation.

"Respectfully, I am no longer going to support Fortune 500s ( and other smaller sized companies ) with my free work," he noted. "There isn't much else to say. Take this as an opportunity to send me a six-figure yearly contract or fork the project and have someone else work on it."

Squires has also changed the "read me" file for faker.js to simply say, "What really happened with Aaron Swartz?"

Aaron Swartz was a developer/hacktivist who helped found Creative Commons, RSS, and Reddit. Swartz was accused of stealing documents from JSTOR to make them public and then committed suicide in 2013 after a prolonged legal battle.

Regardless of his motives, the stunt got Squires suspended from GitHub, removing his access to the two affected libraries, as well as the hundreds of other public and private projects he has uploaded.

While most in the community were not surprised that GitHub punished Squires for rendering his own software useless, many support him for his decision to call attention to a for-profit industry that has grown to feel entitled to the unpaid labor of others.

"Removing your own code from [GitHub] is a violation of their Terms of Service? WTF?" said developer Sergio Gómez in support of Squires's actions. "This is a kidnapping. We need to start decentralizing the hosting of free software source code."

"The responses to the colors.js/faker.js author sabotaging their own packages are really telling about how many corporate developers think they are morally entitled to open source developers' unpaid labour without contributing anything back," tweeted another OSS community member.

It's worth mentioning that most members of the OSS community support the continued development of free-to-use software because they are passionate about programming. However, there is an expectation that those that benefit from OSS use contribute something back to the community, even if it's just fixing bugs or some other type of support.