Table of Contents

How to Fix Zalgo Issue (Spamming Console) with Colors.js 1.4.1/1.4.2

Cyrus Kao
Last modified on .

Colors.js, the open source Javascript package used by 4.3 million repositories has recently been corrupted by its owner Marak. Causing the library spamming console with a bunch of garbled characters.

Ironically, the original usage of this package was to make the console more readable by adding colors and styles. Now it's doing the complete opposite.

Output of corrupted Colors.js 1.4.1

Fix Security Vulnerability

To fix this problem is quite simple, just pin the version of Colors.js to unaffected 1.4.0:

"dependencies": {
	"colors": "1.4.0",

Migrate to Chalk

Alternatively, you should consider migrating your project to more reliable packages like Chalk, which is another Node.js library focused on terminal styling. And with quite a similar API as well:

  • Colors.js

    import colors from 'colors';
    console.log('This is green'));
  • Chalk

    import chalk from 'chalk';
    console.log('This is green too'));

To install Chalk from npm:

$ npm install chalk


As of 11 Jan 2022, Colors.js has reverted versions 1.4.1 and 1.4.2 to 1.4.0 on npm:

Versions of Colors.js

Check your installed Colors.js version:

$ npm ls colors
└── colors@1.4.0


Sign in to leave a comment.