Bbabo NET

Science & Technology News

The destructive actions of the developer of the npm-package node-ipc led to problems around the world

According to Linux.org.ru, the destructive actions of the developer of the node-ipc npm package led to problems around the world.

Explanation of this situation from user a: The author of the node-ipc package (used in vue-cli, Unity, more than a million downloads per week) pushed a commit with obfuscated code that deletes all files from the device if this code was run from a Russian or Belarusian IP . node-ipc is for inter-process communication.

The authors of vue-cli released an update in which they fixed the dependency on the version of node-ipc without malicious code. Unity Hub has also been updated. The package has been blacklisted by npmmirror.com.

Drama is happening in the node-ipc repository, the author is deleting comments, and GitHub users are looking for software using this package. The developers after this incident published a preliminary list to avoid such troubles, called "List of malware, ransomware and other things in open source projects, dangerous to use."

The destructive actions of the developer of the npm-package node-ipc led to problems around the world