🚨 The authors of node-ipc have pushed malware in an update, which wipes your disk if you happen to have Russian or Belorussian IP address.
This affects some large projects like Vue CLI where it is a dependency.
https://github.com/RIAEvangelist/node-ipc/issues/233
It does not actually wipe your disk, it just places a file on the users desktop. It seems the author originally wanted to wipe the users disk, but decided against it. Shit like this is a great reason to always pin your dependencies and do your research before upgrading them.
It does not actually wipe your disk, it just places a file on the users desktop. It seems the author originally wanted to wipe the users disk, but decided against it. Shit like this is a great reason to always pin your dependencies and do your research before upgrading them.
Pretty sure the author decided to do it in the first place. That moron is the reason why I hesitate to install LITERALLY ANY NPM PACKAGE now.