tl;dr: "The open source maintainer of the wildly popular npm package colors intentionally introduced an offending commit that adds an infinite loop to the source code. The infinite loop is triggered and executed immediately upon initialization of the package’s source code, and would result in a DoS."