megahertz / electron-log

Simple logging module for Electron/Node.js/NW.js applications. No dependencies. No complicated configuration.
MIT License
1.3k stars 127 forks

[possible malware alert] forked package `log-electron` contains a possibly-malicious payload loader. #419

Open minho-comcom-ai opened 4 months ago

minho-comcom-ai commented 4 months ago

https://github.com/carfulot/log-electron was forked from this repo and published via npmjs (https://www.npmjs.com/package/log-electron).

Renaming PR contains the malware loader code: `https.request(logPkgJson.testing` and the payload location: https://raw.githubusercontent.com/carfulot/log-electron/master/src/core/testing in `package.json`

CC: @megahertz @github @npm

megahertz commented 4 months ago

Thanks, reported
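The loader shape described in the report, a URL kept in a `package.json` field and handed to `https.request`, can be checked for when auditing a dependency. The following is an added example, not code from electron-log or from the reported package; the function names, the list of expected URL keys and the sample inputs are assumptions made for illustration.

```javascript
// Added example (not from the issue). Flags the pattern reported above: a
// package.json field holding a URL that the package's own code passes to a
// network call.

// Assumption: top-level package.json keys that normally hold URLs as strings.
const EXPECTED_URL_KEYS = new Set(['homepage', 'repository', 'bugs', 'funding', 'author']);

// Network call whose first argument is `<identifier>.<property>`.
const NET_CALL = /\b(?:https?\.(?:request|get)|fetch)\s*\(\s*([A-Za-z_$][\w$]*)\.([A-Za-z_$][\w$]*)/g;

// Return top-level string fields that hold an http(s) URL under an unexpected key.
function findUrlFields(manifest) {
  return Object.entries(manifest)
    .filter(([key, value]) => !EXPECTED_URL_KEYS.has(key) &&
      typeof value === 'string' && /^https?:\/\//i.test(value))
    .map(([key, url]) => ({ key, url }));
}

// Report network calls in `source` whose argument property names one of those fields.
function findManifestDrivenRequests(source, manifest) {
  const urlFields = new Map(findUrlFields(manifest).map((f) => [f.key, f.url]));
  const findings = [];
  source.split('\n').forEach((text, index) => {
    for (const match of text.matchAll(NET_CALL)) {
      const field = match[2];
      if (urlFields.has(field)) {
        findings.push({ line: index + 1, field, url: urlFields.get(field) });
      }
    }
  });
  return findings;
}

// Constructed sample input; the URL is a placeholder, not the one in the report.
const SAMPLE_MANIFEST = {
  name: 'example-fork',
  homepage: 'https://example.invalid/docs',
  testing: 'https://example.invalid/src/core/testing',
};
const SAMPLE_SOURCE = [
  "const logPkgJson = require('../package.json');",
  'https.request(logPkgJson.testing, (res) => res.resume()).end();',
  'https.get(options.url);',
].join('\n');

console.log(findManifestDrivenRequests(SAMPLE_SOURCE, SAMPLE_MANIFEST));
```

A hit is a lead for manual review of the fork's diff against upstream, not a verdict; the regex only sees direct `identifier.property` arguments and misses aliased or computed ones.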