Advisories for Npm/Electorn package

2020

Malicious code in `electorn`

npm packages loadyaml and electorn were removed from the npm registry for containing malicious code. Upon installation the package runs a preinstall script that writes a public comment on GitHub containing the following information: IP and IP-based geolocation home directory name local username The malicious packages have been removed from the npm registry and the leaked content removed from GitHub.