Five years ago, a programmer took down half of the internet, crashed countless codebases, and sparked heated debate by deleting some code from his open-source project's left pad. Now, the same thing happened again - last week, the author of the well-known tool library Faker.js did the same thing, and now the results are similar to 5 years ago.
According to the latest reports, the current Faker.js project is now controlled by a team of 8 engineers from different backgrounds and companies. And Marak, the author of Faker.js, is officially "out".
The author of Faker.js "deleted the library and ran away" led to the "shock" of the open source circle
In early January, Marak Squires, the author of Faker.js, "deleted the library and ran away" after actively maliciously sabotaging his project. After the incident, it instantly triggered a "shock" in the open source circle.
It is reported that Marak not only emptied all the code in his Faker.js project repository, leaving a short readme file "What really happened with Aaron Swartz?", but also injected malicious code that led to an infinite loop of the program, causing many applications collapse.
As a very useful tool, Faker.js can generate Fake data that can be used for application development/testing, and its popularity is even used by hundreds of companies including Fortune 500 companies.
And for a long time, the author of the development and maintenance of the Faker.js project - programmer Marak has always been considered a controversial figure. According to the report, Marak, the author of the Faker.js project, has a record of deleting his popular projects before. Back in 2020, Marak declared that he had "had enough of maintaining Faker.js".
And in "Omen" prior to the action, Marak stated in a code commit: "With all due respect, I will no longer be offering free support to the Fortune 500 (and other smaller companies) ."
As we all know, the js code base is open source and free, which requires someone to pay hundreds of thousands of salary to continue to support and maintain. However, as some world enterprises and companies that use the code base for free, when the code base is unavailable or out of order, they accuse the author without paying any price, which really disappoints the author of the open source project.
From this, it can be seen that the occurrence of this incident by the author of Faker.js is not "sudden".
Previously on reddit, many popular posts also stated that Marak emptied the code of the Faker.js repository because of lack of funds and abuse of open source projects by others.
Of course, there are also posts saying that the Faker.js repository with the deleted code is not the real Faker.js original repository. It is said that Marak first made the real Faker.js repository private and changed the name for it. Then create a new "Faker.js" repository with the same name - so the commit information of the repository only has the latest record, and the number of stars is far less than the original Faker.js repository.
Although Marak emptied the Faker.js project repository, its packages on npm still have historical downloads. There are reports that the latest version of Faker.js also has more than 2 million downloads per week.
Faker.js is now a community-controlled project
At present, Faker.js has become a community-controlled project, and the newly formed team temporarily refers to the library they maintain as the "official library", and merges all active branches. After the situation subsides and confusion is reduced, they will The "official library" name will be dropped.
Now, the community-controlled Faker.js project has been recognized by many developers. The following is the growth of the number of stars in the project warehouse:
Since taking over Faker.js, the new team has triaged issues and reviewed PRs, provided online documentation, migrated to TypeScript, created a public twitter account, published packages on npm, cleaned up Prettier, CI, Netlify Deploy Previews and GitHub Actions, etc.
At the same time, the new team also developed a development plan:
- Support for ESM
- Browserify=>Rollup/Vite
- Improve test infrastructure
- Provide type generation documentation
- Interact with existing maintainers of the Faker ecosystem
- Provide an interactive playground in the documentation
- Compatible with Node 18
In terms of funding, it is the same as the previous donation to the Faker.js project. The js project is carried out on the open source collection platform, and the existing team has formulated a transition plan after communicating with the open source collection executive director:
- js project from Open Collective to Faker.js legacy account ($11,652.69 total), which will be used to invite Marak and another maintainer, Barin
- Once the transfer is complete, the existing team will become the administrator of Faker.js. js account on the Open Collective Platform ( https://opencollective.com/fakerjs )
- Existing teams have been notified that if they wish to donate to Marak, please select https://opencollective.com/fakerjs-legacy or http://opencollective.com/marak . (Of course, they will also sync and notify if they have received funds indicated as a donation to Marak)
Finally, the team promises that they will continue to develop and maintain the Faker.js project to make it as cool as it once was.
js project triggers the fragile nature of open source culture
The "malicious sabotage" incident by the author of the Faker.js project has also triggered a discussion in the industry about the "fragility of the digital ecosystem".
The concept of open source, which strives to survive in the "commercial world", has to be "fettered" by the most primitive contractual relationship, and this tension is underpinned by a simple question: once open source code is adopted, who will ultimately responsible?
It's a complex issue and a time-honored "conflict" about open source and business, involving topics such as culpability, ownership, ethics, and the flawed nature of human motivation.
As an open source project that is highly dependent on other projects, the problems exposed by the "malicious sabotage" incident by the author of Faker.js are more complicated.
So what do you think of the age-old question in open source philosophy, "who is right?" Welcome to leave a message in the comment area to interact.
About Faker.js
Faker.js is a very popular Node.js tool library that provides various types of simulated data for development and debugging. The original Faker project was first implemented in Perl in 2004 by Jason Kohles. Marak later implemented the Node.js version and put a lot of effort and time into maintaining Faker.js.
**粗体** _斜体_ [链接](http://example.com) `代码` - 列表 > 引用。你还可以使用@来通知其他用户。