Advisory Database
  • Advisories
  • Dependency Scanning
  1. npm
  2. ›
  3. faker
  4. ›
  5. GMS-2022-501

GMS-2022-501: Removal of functional code in faker.js

March 22, 2022 (updated March 23, 2022)

Faker.js helps users create large amounts of data for testing and development. The maintainer deliberately removed the functional code from this package. This appears to be a purposeful and successful attempt to make the package unusable.

References

  • fakerjs.dev/update.html
  • github.com/Marak/colors.js/commit/074a0f8ed0c31c35d13d28632bd8a049ff136fb6
  • github.com/Marak/colors.js/issues/285
  • github.com/Marak/colors.js/issues/285%23issuecomment-1008212640
  • github.com/advisories/GHSA-5w9c-rv96-fr7g
  • github.com/advisories/GHSA-gh88-3pxp-6fm8
  • nvd.nist.gov/vuln/detail/CVE-2021-23567
  • snyk.io/vuln/SNYK-JS-COLORS-2331906
  • www.npmjs.com/package/@faker-js/faker
  • www.npmjs.com/package/faker

Code Behaviors & Features

Detect and mitigate GMS-2022-501 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →

Affected versions

Version 6.6.6

Solution

Migrate to the stable fork, @faker-js/faker. The maintainer of the original package is no longer trustworthy.

Source file

npm/faker/GMS-2022-501.yml

Spotted a mistake? Edit the file on GitLab.

  • Site Repo
  • About GitLab
  • Terms
  • Privacy Statement
  • Contact

Page generated Wed, 14 May 2025 12:14:41 +0000.