Skip to main content

One post tagged with "npm"

View All Tags

· 9 min read
Chris Thompson
Free Wortley
Forrest Allison

node-ipc is a popular package to help with inter-process communication in Node. In protest of Russia's invasion of Ukraine, the author of the package intentionally added malware on March 16th that targets Russian and Belarusian IPs.

The code attempts to geo-locate where it's running, and if it discovers it is running with in Russia or Belarus, then it attempts to replace the contents of every file on the system with a unicode heart character: ❤. In a more recent version, it instead just drops a file with a peace message on the desktop.