Description
Malicious code in electorn
The npm packages loadyaml and electorn were removed from the npm registry for containing malicious code. Upon installation, the package runs a preinstall script that writes a public comment on GitHub containing the following information:
- IP and IP-based geolocation
- home directory name
- local username
The malicious packages have been removed from the npm registry and the leaked content removed from GitHub.
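The following check is an added example, not part of the original advisory: it audits a parsed `package-lock.json` (lockfileVersion 2 or 3) for the two package names above and separately lists any other dependency that declares install scripts. The function names and the sample lockfile are constructed for illustration.

```javascript
// Package names taken from the advisory; every published version is affected.
const REMOVED = new Set(["electorn", "loadyaml"]);

// Lockfile keys look like "node_modules/a/node_modules/@scope/b".
// The package name is whatever follows the last "node_modules/".
function nameFromLockPath(path) {
  const marker = "node_modules/";
  const idx = path.lastIndexOf(marker);
  return idx === -1 ? null : path.slice(idx + marker.length);
}

// Returns one finding per suspicious entry in the lockfile's "packages" map.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = nameFromLockPath(path);
    if (name === null) continue; // "" is the root project entry
    if (REMOVED.has(name)) {
      findings.push({ name, version: meta.version, path, reason: "removed-malicious-package" });
    } else if (meta.hasInstallScript === true) {
      // npm records this flag when a package defines preinstall/install/postinstall
      findings.push({ name, version: meta.version, path, reason: "has-install-script" });
    }
  }
  return findings;
}

// Constructed sample lockfile (versions other than electorn's are made up).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/electorn": { version: "10.0.0", hasInstallScript: true },
    "node_modules/left-dep": { version: "2.1.0" },
    "node_modules/left-dep/node_modules/loadyaml": { version: "1.0.0" },
    "node_modules/@scope/native-addon": { version: "3.0.0", hasInstallScript: true },
  },
};

for (const f of auditLockfile(sampleLock)) {
  console.log(`${f.reason}: ${f.name}@${f.version} (${f.path})`);
}
```

To audit a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `auditLockfile`. Installing with `npm ci --ignore-scripts` keeps lifecycle scripts such as preinstall from running while a lockfile is being reviewed.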
Packages
Name: electorn (npm)
Affected versions: <= 10.0.0
Fixed version: None
Weaknesses
CWE-506