Node Live-server 突然停止工作，现在显示奇怪的东西

Question

I last used it on wednesday last week when I worked and it worked perfectly fine with no problems. Now that I came back today and wanted to start it with live-server it showed symbolds in the console and even waiting for 5 minutes nothing else happaned.

The weird stuff which is showing up

It tried to use powershell instead of the command prompt. At first it told me that scripts are disabled so I searched that, enabled scripts and the exact same thing then happaned as in the command prompt.

I didn't find anything about this weird problem. I even installed the oldest version of it but nothing changed.

For context, this issue doesn't happen on my laptop but it happens on my desktop at home My desktop and office pc both are a few years old in terms of hardware but couldn't be any more different besides windows 10 pro.

Answer 1

As i posted in the comment, the developer of the color.js & faker.js package has corrupted his packages on purpose: https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/

The live-server depends on the color package: "colors": "latest",

You can see this if you take a look on the package.json

{
  "name": "live-server",
  "version": "1.2.1",
  "description": "simple development http server with live reload capability",
  "keywords": [
    "front-end",
    "development",
    "tool",
    "server",
    "http",
    "cli"
  ],
  "author": "Tapio Vierros",
  "dependencies": {
    "chokidar": "^2.0.4",
    "colors": "latest",
    "connect": "^3.6.6",
    "cors": "latest",
    "event-stream": "3.3.4",
    "faye-websocket": "0.11.x",
    "http-auth": "3.1.x",
    "morgan": "^1.9.1",
    "object-assign": "latest",
    "opn": "latest",
    "proxy-middleware": "latest",
    "send": "latest",
    "serve-index": "^1.9.1"
  },
  "devDependencies": {
    "eslint": "^5.9.0",
    "jshint": "^2.9.6",
    "mocha": "^5.2.0",
    "supertest": "^3.3.0"
  },
  "scripts": {
    "lint": "eslint live-server.js index.js",
    "hint": "jshint live-server.js index.js",
    "test": "mocha test --exit && npm run lint"
  },
  "bin": {
    "live-server": "./live-server.js"
  },
  "repository": {
    "type": "git",
    "url": "https://github.com/tapio/live-server.git"
  },
  "engines": {
    "node": ">=0.10.0"
  },
  "preferGlobal": true,
  "license": "MIT",
  "eslintConfig": {
    "env": {
      "node": true
    },
    "rules": {
      "quotes": 0,
      "curly": 0,
      "strict": 0,
      "no-process-exit": 0,
      "eqeqeq": 1,
      "no-unused-vars": 1,
      "no-shadow": 1
    }
  }
}

More information about color.js: https://github.com/Marak/colors.js/issues/285

A fix for live-server can be found here: https://github.com/Marak/colors.js/issues/285#issuecomment-1007890688

Just set it to a older version.

The package.json for Live Server has Colors.js set to use the newest possible version available, latest, so I changed it back to the most recent Colors.js version that didn't have the issue, 1.4.0.

Answer 2

colors.js is a security vulnerability and should no longer be used. Check the news from Jan 2022.

I now use nozaki-colors https://github.com/RIAEvangelist/nozaki-colors

Answer 3

Today, Node.js has been released a new security patch. The problem has been solved for me. You can update on https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/