Man, that's funny and scary at the same time.

This issue thread was interesting to read: https://github.com/Marak/colors.js/issues/285

Yeah, changing the version number to an older release would fix it, but there are many projects out there that haven't been updated in multiple years, I don't think the devs for them will be around to change the Colors.js dependency not to use latest any time soon, Live Server could be an example. (This message was in reply to this one above)

People should really rethink the security implications of automatically using the latest branch of an open source project written by some dude on the internet. The code pushed out could have been downright malicious instead of mostly harmless.