dmvict
commented
2 years ago Hello, @lgg
Thank you for your report.
We use node-ipc@9.1.1 and need no update. This version as described in https://gist.github.com/MidSpike/f7ae3457420af78a54b38a31cc0c809c has no malware code.
Please, close the issue.
Newest version of node-ipc delete all users's files from device. You should not use this dependency anymore!
You can learn more here: https://gist.github.com/MidSpike/f7ae3457420af78a54b38a31cc0c809c
Check possible solution that already applied in vue.js: https://github.com/vuejs/vue-cli/issues/7054#issuecomment-1068677029
also check more here: https://snyk.io/blog/peacenotwar-malicious-npm-node-ipc-package-vulnerability/