node-ipc behavior change (sabotaged package)
node-ipc version 11.0.0 and newer include a message from the maintainer that is written to the user’s desktop. Please review the version changes before proceeding.
Advisories for Npm/Node-Ipc package
2022
node-ipc behavior change
node-ipc starting in version 11.0.0 and prior to version 12.0.0 includes a message from the maintainer that is written to the user’s desktop. Please review the version changes before proceeding.
Hidden functionality in node-ipc
The package node-ipc version 9.2.2 is vulnerable to hidden functionality that was introduced by the maintainer. The package uses a dependency that writes a file to disk that does not pertain to the functionality of the package and is not included in versions < 9.2.2.
Embedded Malicious Code in node-ipc
This affects the package node-ipc from 10.1.1 and before 10.1.3. This package contains malicious code, that targets users with IP located in Russia or Belarus, and overwrites their files with a heart emoji.