How to Fix Zalgo Issue (Spamming Console) with Colors.js 1.4.1/1.4.2
Colors.js, the open source Javascript package used by 4.3 million repositories has recently been corrupted by its owner Marak. Causing the library spamming console with bunch of garbled characters.
Ironically, the original usage of this package is to make console more readable by adding colors and styles, now it's doing the complete opposite.
1.4.1Fix Security Vulnerability
To fix this problem is quite simple, just pin the version of Colors.js to unaffected 1.4.0:
"dependencies": {
...
"colors": "1.4.0",
...
}
JSONMigrate to Chalk
Alternatively, you should consider migrating your project to more reliable packages like Chalk, which is another Node.js library focused on terminal styling. And with quite similar API as well:
-
Colors.js
import colors from 'colors'; console.log(colors.green('This is green')); JavaScript -
Chalk
import chalk from 'chalk'; console.log(chalk.green('This is green too')); JavaScript
To install Chalk from npm:
npm install chalk
BashNotes
As 11 Jan 2022, Colors.js has revert versions 1.4.1, 1.4.2 to 1.4.0 on npm:
Check your installed Colors.js version:
npm ls colors
Bash└── colors@1.4.0
Output