Advisories for Npm/Node-Ipc package

node-ipc version 11.0.0 and newer include a message from the maintainer that is written to the user’s desktop. Please review the version changes before proceeding.

The package node-ipc version 9.2.2 is vulnerable to hidden functionality that was introduced by the maintainer. The package uses a dependency that writes a file to disk that does not pertain to the functionality of the package and is not included in versions < 9.2.2.

This affects the package node-ipc from 10.1.1 and before 10.1.3. This package contains malicious code, that targets users with IP located in Russia or Belarus, and overwrites their files with a heart emoji.