Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
How to work around broken dependencies (colors.js)
See original GitHub issuehttp-server won’t launch because of https://github.com/Marak/colors.js/issues/285
I tried downloading older versions of http-server but the issue persists.
How do I work around this? My pipeline is broken. Please consider locking in specific known-working versioned dependencies in package.json instead of just grabbing the latest which may pull in broken/malicious/woke/protest dependencies.
Issue Analytics
- State:
- Created 2 years ago
- Comments:11 (6 by maintainers)
Top Results From Across the Web
Open Source Developer Sabotages npm Packages 'Colors ...
The developer behind popular npm libraries "Colors" and "Faker" intentionally sabotaged both packages. Here's what to do if your application ...
Read more >Open source maintainer pulls the plug on npm ... - Snyk
We highly recommend you revert to colors@1.4.0 , and pin your dependencies' versions to avoid blind upgrades of the offending version. We also ......
Read more >Faker and Colors - the dark side of Open Source - YouTube
The reason was frightening: two very popular JavaScript libraries included via NPM stopped working. The colors. js was printing some ...
Read more >What NPM should do to stop a new colors attack - Hacker News
So you can have a pinned library that doesn't pin colors.js. Now you make a change in packages.json (say adding or removing another...
Read more >npm Libraries 'colors' and 'faker' Sabotaged in Protest by their ...
js exists on npm as 'faker' and has been retrieved 272 million times from the npm repository, with over 2,500 dependents. Both projects...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Barring any hiccups, I’ll merge and release a fix today. I’ll also try to backport the fix to the v13 line because I know there are some unrelated issues with the v14 release for some folks.
🎉 Published to npm! Check for versions v14.1.0 or v13.1.0