Идиот

Select versions (10.1.1 and 10.1.2) of the massively popular 'node-ipc' package were caught containing malicious code that would overwrite or delete arbitrary files on a system for users based in Russia and Belarus. These versions are tracked under CVE-2022-23812.

On March 8th, developer Brandon Nozaki Miller, aka RIAEvangelist released open source software packages called peacenotwar and oneday-test on both npm and GitHub.

The packages appear to have been originally created by the developer as a means of peaceful protest, as they mainly add a "message of peace" on the Desktop of any user installing the packages.

"This code serves as a non-destructive example of why controlling your node modules is important," explains RIAEvangelist.

"It also serves as a non-violent protest against Russia's aggression that threatens the world right now."

But, chaos unfolded when select npm versions of the famous 'node-ipc' library—also maintained by RIAEvangelist, were seen launching a destructive payload to all data and overwrite all files of users installing the package.

Interestingly, the malicious code, committed as early as March 7th by the dev, would read the system's external IP address and only delete data by overwriting files for users based in Russia and Belarus.

https://snyk.io/blog/peacenotwar-malicious-npm-node-ipc-package-vulnerability/
https://www.bleepingcomputer.com/news/security/big-sabotage-famous-npm-package-deletes-files-to-protest-ukraine-war/