As the author of the original qrcode dependency currently has no time to release a fixed version, I forked [2] the qrcode lib and bumped the dependency to a fixed version [3].
[x] angularx-qrcode 13.0.3 was released today with a fork of the lib, which makes no use of the affected colors.js versions.
[x] The dependency will be switched back the moment there is a fix released.
The underlying lib
qrcode
has a dependency of the libcolors.js
which was corrupted on purpose by its author [1]. Read the article Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps by BleepingComputer.As the author of the original
qrcode
dependency currently has no time to release a fixed version, I forked [2] the qrcode lib and bumped the dependency to a fixed version [3].[1] colors.js https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/
[2] The used fork is located here: https://github.com/Cordobo/node-qrcode
[3] Commit changes https://github.com/Cordobo/node-qrcode/commit/e09bcd350aa664d4ddc3699617607197d6368a32