search

Marak / colors.js

get colors in your node.js console
https://github.com/Marak/colors.js
Other
5.16k stars 446 forks source link

New maintainer of `colors` #292

Closed jshor closed 2 years ago

jshor commented 2 years ago

I've had enough. From now on I'm assuming all responsibilities for maintaining colors (bug fixes, new features, security updates, etc.) in a new repository. I've rolled back to the latest functional version and it is published as @jshor/colors v1.4.0.

Installation

yarn remove colors && yarn add @jshor/colors

or:

npm uninstall colors && npm i @jshor/colors

Alternative workarounds

If you don't want to use the new package, there are a couple of options:

  1. For maintainers of packages depending on colors directly, you can alternatively lock in the last good version of colors using package.json which is 1.4.0.

  2. If you depend on a package that depends on colors and are using yarn, you can add a resolution to the earlier good version using resolutions entry in package.json (note: be sure to lock the semver in resolutions as well):

"resolutions": {
  "colors": "1.4.0"
}

Existing issues/PRs

If you've submitted a PR or issue here, please submit it again in the new repo and I will get to them over the next few days/weeks.

Final note

Over 4 million packages, including some of the most major ones we use every day, depend on this. I'm not sure what message maintainer is trying to broadcast by corrupting his own packages but screwing over all of us is not the way to do it.

Being an open source maintainer is a matter of public trust and @Marak has violated that.

DABH commented 2 years ago

Josh, I appreciate your efforts here. As the maintainer of this repo until my access was revoked as part of this incident, I already created a fork and have been working to resolve the issues with this repo, see #285. Would love to collaborate going forward if you would be amenable to it. Thanks for your time and passion for doing the right thing ❤️

jshor commented 2 years ago

@DABH Thanks for maintaining this library and I see now your fork. I saw #285 but stopped reading after it descended into conspiracy theories. I want to help get this package straightened out however I can

Closing this issue

DABH commented 2 years ago

Thank you 🙏 I’ll remember to tag you once this is all resolved — going forward, the end state of colors should absolutely involve multiple people maintaining it 🙃

ghost commented 2 years ago

Gonna say that forking helps restore projects that has been unmaintained or corrupted especially if millions of people use it which grows popularity and a most used tool for colored output for node packages. and we'll count on you maintaining it @jshor and others who wish to maintain it too 🙂