Malicious change made to NPM package node-ipc that deletes files on systems in Russia and Belarus
A malicious change was detected in the node-ipc NPM package (CVE-2022-23812), with a 25% probability that the contents of all files that have write access are replaced with the “❤️” character. The malicious code is activated only when launched on systems with IP addresses from Russia or Belarus. The node-ipc package has about a million downloads per week and is used as a dependency on 354 packages, including vue-cli. […]