colors dependency has been purposefully destroyed by developer; crashes grunt; #36
Description
Developer Marek Squire has purposefully ruined the colors library which causes the grunt and grunt-bower-task libraries (and probably others) to spams and crash the console when ran, thus preventing grunt from being used, at least when tagging "latest", which is what I do.
News article:
https://www.theverge.com/2022/1/9/22874949/developer-corrupts-open-source-libraries-projects-affected
Repo link:
Marak/colors.js#285
There is 3 solutions to this problem as I understand:
- Switch from colors to using chalk library, which I think some PRs exist already?
- Downgrade by tagging an older version of colors, and using it, before the broken version was created (latest)
- Switch to a fork of colors that is maintained by a more trustworthy individual. The colors community has already landed on a new maintainer of the code, a developer of colors who has decided to continue the work. I'd probably suggest going down this route:
https://www.npmjs.com/package/@dabh/colors
https://github.com/DABH/colors.js.