Just days after my publication of Datafaker.net, an Open Source library to generate fake data for the JVM, on of the libraries by which Datafaker got inspired, Faker.js, decides to pull the plug. The owner of the library, Marak, published a new version of Faker.js with the significant 666 version number, and proceeds to remove the source code.
All of this seems to be mostly caused by some frustration to monetize his Open Source effort, plus a small touch of anti-enterprise sentiment. Marak seems to be a slightly controversial figure, having ran into other issues before in the past, and requested support after this incident.
An interesting video published by Fireship gives a bit of more background on this and can be found here:
update: even the original video got removed!
update2: the video get replaced, it can be found here now. The noticable difference is that now the video has been censored, plus a few other items:
1:41 For non-violent crimes was originally something along the lines of For drug charges
2:07 Instead of this scene it was mentioned that another co-worker of Swartz committed suicide too
2:30 The “GitHub user” details were removed, I’m not sure why
So, Mar…the author of the library, seems to be a bit of character, pull’s Faker.js, and that’s it you’d think. But, alas, no, it seems the saga continues!
A bit of background
Other libraries which are maintained by Marak are say.js (4500 weekly downloads), play.js (120 weekly downloads), translate.js (doesn’t seem to be listed on npm anymore). So, bases Faker.js and Colors.js, it seems there might be a lower impact on any changes, though ~5000 weekly downloads could still be an interesting disruption.
While searching for Marak’s libraries, I found this npm-test-access library. This library seems to be used for what the name describes: to test access to NPM. Marak seems like a very capable software engineer, and it’s unclear to me why he’d need a package like this. So, this make me personally doubt a little bit if Marak is really behind all of this, or if maybe his account got compromised, or if something else it at play.
Another change, which requires more work, is to rethink the way software libraries are written. I understand it’s more interesting to develop your own library instead of fixing someone else’s code, but is it really to much to ask to have something like a community maintained version of something like a Java Commons Lang equivalent, which would contain utilities like left-padding, string reversals, etc, but maintained by a team of developers with regular updates, instead surrendering yourself to the whims of a single developer? It’s just maybe something to think about. On the other hand: these developments are quite interesting from an entertainment perspective, so do we really want to take that away? 😉
2022-01-10 07:50: 40 minutes ago, a new version of colors.js has been released (1.4.2). Instead of fixing the issue, this adds an endless loop to the
safe.js file. So it seems we haven’t seen the last of this.
2022-01-11 09:02: Another update, this time from Marak on Twitter: Marak’s Github account has been suspended, and NPM has reverted his module to the latest version.