Project may have been compromised. Large amount of ASCII art instead of lesson

[enderandpeter]

Describe the bug
Running a module results in some kind of text bomb instead of the lesson. The words "LIBERTY LIBERTY LIBERTY" are displayed, followed by way too much text bunched together. It really looks like this project has been compromised.

To Reproduce

1. Install the module
2. Run any lesson in the module

Expected behavior
The lesson content should be shown

Screenshots

Execution environment:

• OS: macOS 12.1
• Version 2.7.3
• Node Version 17.3.0

Additional context
This is some extreme oversight. Some of the other nodeschool modules are having the same issue.

[enderandpeter]

This problem is very likely related to this issue: Marak/colors.js#285

[DABH]

Yep, see if you can just pin colors to 1.4.0…

[enderandpeter]

@DABH Thank you for your constant efforts. I am reading a lot of conversations. And I'm about to watch that apparently highly controversial "why was faker.js removed" video. This appears to be some kind of personal vendetta or something. I'm trying to find out what's going on. With luck, I might be able to help somehow.

I trust that using the older version of colors will help for now, but I'm not sure I can do that when installing this as a global package.

[DanielRuf]

maybe helpful, if upstream packages can not provide a new release with the pinned version in a timely manner:

Marak/colors.js#285 (comment)

For anyone who is affected, here are ways to check, which packages have to pin the version (the ones which directly use colors):

for npm:

npm ls colors

for yarn:

yarn why colors

In some cases you can use resolutions:
https://classic.yarnpkg.com/lang/en/docs/selective-version-resolutions/
https://www.npmjs.com/package/npm-force-resolutions

[DABH]

There is a lot of backstory unfortunately and GitHub is not a great place to discuss it.

I’m happy to fork and maintain, but as this is one of the most core Node.js packages, it’ll be difficult to get everyone in the community to switch to my fork.

In any case, I’m working on a few other avenues and there should be some updates by Monday I’d expect.

[DABH]

I’d encourage folks to try to not pile on publicly despite the severity of the real-world issues; let’s focus on promoting a solution

[DanielRuf]

I’m happy to fork and maintain

I can help if needed. Best is to move it to an org for different reasons.

[DABH]

It may be possible to achieve that but not until Monday, I’m waiting on some updates. In the meantime, I feel like if people have the ability to switch to a fork, they also should have the ability to just pin to 1.4.0 until this gets a permanent solution in a day or two.

[rsadr0pyz]

npx marak-free

[sup3rbu]

maybe helpful, if upstream packages can not provide a new release with the pinned version in a timely manner:

Marak/colors.js#285 (comment)

For anyone who is affected, here are ways to check, which packages have to pin the version (the ones which directly use colors):
for npm:

npm ls colors

for yarn:

yarn why colors

In some cases you can use resolutions:
https://classic.yarnpkg.com/lang/en/docs/selective-version-resolutions/
https://www.npmjs.com/package/npm-force-resolutions

hello could you explain me step by step how to solve this problem?. (I am not at all familiar with npm)
my version of node v16.13.1
my version of npm 8.1.2
path javascripting C: \ Users \ Myname \ AppData \ Roaming \ npm \ node_modules \ javascripting

[martinheidegger]

I published the latest version of javascripting which is pinned to 1.4.0 version of colors. Installing the latest version of javascripting should fix this issue. Cheers.

[enderandpeter]

Thank you very much for doing that. Unfortunately, other nodeschool modules are still effected, so I am hoping for an upstream solution soon. I really appreciate this, though.

[martinheidegger]

In the meantime this has been fixed by npm. Reinstall any tutorial and it should work.