node-ipc
node-ipc NPM package maintainer adds protestware malware
The maintainer added protestware to node-ipc, a widely used interprocess communication library, targeting users whose IP addresses resolved to Russia or Belarus. During normal package use, the code attempted to recursively overwrite files with a heart character, turning geopolitical protest into selective data destruction that could ripple through dependent JavaScript applications.
- Date: 2022-03-07 to 2022-03-16
- Category: Open Source
- Target Surface: Package registry
- Insertion Phase: source
- Impact: Service Disruption
- Cause: Sabotage
What Was Affected
Package: node-ipc
Language: JavaScript
Component: Library
Artifact type: source archive
Domain type: package host
Domain: npmjs.org
Repository: github.com/RIAEvangelist/node-ipc
Compromised Versions
Incident Context
- Motive: Disruption/Protest
- Attribution: Author
- Transitive: No
- User Impact: 1000000
- Observed Duration: 9 days
Evidence
Compromised Artifacts
- registry.npmjs.org/node-ipc/-/node-ipc-9.2.2.tgz
- registry.npmjs.org/node-ipc/-/node-ipc-10.1.1.tgz
- registry.npmjs.org/node-ipc/-/node-ipc-10.1.2.tgz
- registry.npmjs.org/node-ipc/-/node-ipc-11.0.0.tgz
Current Artifacts and Analysis
Indicators and Changes
Hashes
- sha256:f54bb89fe21762ce2ab5fe7581bf7f347f79ec30abe3ab1175da4edc26b5f91a
- sha256:03190b659f9ad3c0e0bb337a958cbfa49c0bbfd8baff63d5a178c0eb6c8ea292
Commits
External References
Source Data
Source record: oss/node-ipc/meta.yaml