node-ipc
Safeguard articles tagged "node-ipc" — guides, analysis, and best practices for software supply chain and application security.
4 articles
node-ipc protestware targeting Russia/Belarus IPs
In March 2022, node-ipc's maintainer shipped code wiping files on Russian and Belarusian machines. Here's what happened, how it spread, and how to catch it next time.
node-ipc Compromised Again (14 May 2026): An 80 KB Credential Stealer in a 10M-Download Library
On 14 May 2026, three malicious node-ipc versions (9.1.6, 9.2.3, 12.0.1) shipped an 80 KB credential-stealing IIFE appended after module.exports in the CJS bundle — no install scripts, harvesting 90+ secret categories from a library with 10M+ weekly downloads.
node-ipc 'Protestware' Sabotage Code Shipped to Millions ...
How a rogue node-ipc update turned a trusted npm dependency into disk-wiping protestware, and what CVE-2022-23812 means for your supply chain.
node-ipc Protestware: When a Maintainer Weaponized the Supply Chain
The node-ipc package was deliberately sabotaged by its maintainer to protest the Russia-Ukraine conflict, wiping files on systems with Russian or Belarusian IP addresses. A watershed moment for supply chain trust.