Closed lgg closed 2 years ago
Thanks for mentioning this! Since we use an old version of node-ipc (9.1.4), there is no impact for us, and we don't plan to upgrade it. Later we'll consider migrating to an alternative solution. Hence closing the ticket.
The newest version of node-ipc deletes all users' files from the device. You should not use this dependency anymore!
You can learn more here: https://gist.github.com/MidSpike/f7ae3457420af78a54b38a31cc0c809c
Check the possible solution that is already applied in vue.js: https://github.com/vuejs/vue-cli/issues/7054#issuecomment-1068677029
Also check more here: https://snyk.io/blog/peacenotwar-malicious-npm-node-ipc-package-vulnerability/