Open morlay opened 2 years ago
It is a supply chain attack, whatever the motive.
A vendor package which is CREATING FILES outside of the project is malware.
https://snyk.io/blog/peacenotwar-malicious-npm-node-ipc-package-vulnerability/
How to quickly fix it, if you have to use the related packages:
npm:

```jsonc
// package.json
{
  "overrides": {
    "peacenotwar": "git+ssh://git@github.com/morlay/peacenotwar.git"
  }
}
```
pnpm:

```jsonc
// package.json
{
  "pnpm": {
    "overrides": {
      "peacenotwar": "git+ssh://git@github.com/morlay/peacenotwar.git"
    }
  }
}
```
Links:
- https://github.com/RIAEvangelist/peacenotwar/issues/5
- https://github.com/RIAEvangelist/node-ipc/issues/233
Related:
https://github.com/vuejs/vue-cli/issues/7054
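A lockfile check to go with the override above, as an added example that is not part of the original issue: it lists where `peacenotwar` is installed, which package pulls it in, and whether the lockfile still pins a registry tarball although an override is set. The sample `package.json` and lockfile objects, the placeholder versions and all function names are constructed for illustration; it assumes the lockfileVersion 2/3 `packages` layout.

```javascript
// Constructed sample data, not from a real project; versions are placeholders.
const samplePackageJson = {
  overrides: { peacenotwar: "git+ssh://git@github.com/morlay/peacenotwar.git" },
};
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-app" },
    "node_modules/node-ipc": { version: "0.0.0-placeholder", dependencies: { peacenotwar: "*" } },
    "node_modules/node-ipc/node_modules/peacenotwar": {
      version: "0.0.0-placeholder",
      resolved: "https://registry.npmjs.org/peacenotwar/-/peacenotwar-0.0.0-placeholder.tgz",
    },
  },
};

// Every install location of `name` in a lockfileVersion 2/3 "packages" map.
function findInstalls(lock, name) {
  const suffix = "node_modules/" + name;
  return Object.entries(lock.packages || {})
    .filter(([path]) => path === suffix || path.endsWith("/" + suffix))
    .map(([path, meta]) => ({ path, version: meta.version, resolved: meta.resolved || null }));
}

// Installed packages that declare `name` as a dependency, i.e. what pulls it in.
function findDependents(lock, name) {
  const fields = ["dependencies", "optionalDependencies"];
  return Object.entries(lock.packages || {})
    .filter(([path, meta]) => path !== "" && fields.some((f) => meta[f] && name in meta[f]))
    .map(([path]) => path);
}

// Top-level override from npm "overrides" or "pnpm.overrides", else null (nested forms not handled).
function overrideFor(pkgJson, name) {
  const target = (pkgJson.overrides || {})[name] ?? ((pkgJson.pnpm || {}).overrides || {})[name];
  return typeof target === "string" ? target : null;
}

function audit(pkgJson, lock, name) {
  const installs = findInstalls(lock, name);
  const override = overrideFor(pkgJson, name);
  // Heuristic: an override is set but the lockfile still pins a registry tarball.
  const needsReinstall = override !== null &&
    installs.some((i) => (i.resolved || "").startsWith("https://registry.npmjs.org/"));
  return { installs, dependents: findDependents(lock, name), override, needsReinstall };
}

console.log(JSON.stringify(audit(samplePackageJson, sampleLock, "peacenotwar"), null, 2));
```

When `needsReinstall` is true, the override has been written to `package.json` but the lockfile has not been regenerated, so an install from the lockfile would still fetch the registry copy.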