Malicious code in `electorn`

Severity: critical · GitHub Reviewed · Published Oct 1, 2020 · Updated Oct 4, 2021

Package

npm electorn (npm)

Affected versions

<= 10.0.0

Patched versions

None

Description

The npm packages loadyaml and electorn were removed from the npm registry for containing malicious code. Upon installation, each package runs a preinstall script that posts a public comment on GitHub containing the following information about the installing machine:

  • IP and IP-based geolocation
  • home directory name
  • local username

The malicious packages have been removed from the npm registry and the leaked content removed from GitHub.
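The advisory's key detail is that the payload ran from an npm preinstall lifecycle hook, so installing the package was enough to trigger it. Below is an added example (not part of the advisory and not code from the npm registry or GitHub) of the kind of manifest audit a defender can run over a dependency tree: it flags any package declaring an install-time script, and separately flags a package name that is one edit away from a well-known name. The resemblance of "electorn" to "electron" is my assumption, not something the advisory states; the manifests, the list of known package names, and the script commands are all constructed for the example.

```javascript
// Added example, not from the advisory: audit package manifests for
// install-time lifecycle hooks and for look-alike package names.
// All manifests and package names below are constructed sample data.

const KNOWN_PACKAGES = ['electron', 'lodash', 'express']; // assumed watch list
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Optimal-string-alignment edit distance: insert, delete, substitute and
// adjacent transposition each cost one edit, so "electorn" is 1 from "electron".
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, () => new Array(b.length + 1).fill(0));
  for (let i = 0; i <= a.length; i++) d[i][0] = i;
  for (let j = 0; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1); // transposition
      }
    }
  }
  return d[a.length][b.length];
}

// Returns a list of findings for one parsed package.json object.
function auditManifest(manifest) {
  const findings = [];
  const name = manifest.name || '';
  const scripts = manifest.scripts || {};
  // Any install-time hook runs arbitrary code on `npm install`; record it for triage.
  for (const hook of INSTALL_HOOKS) {
    if (typeof scripts[hook] === 'string') {
      findings.push({ kind: 'install-hook', hook, command: scripts[hook] });
    }
  }
  // A name one edit away from a known package is a typosquat candidate.
  for (const known of KNOWN_PACKAGES) {
    const dist = editDistance(name, known);
    if (dist === 1) findings.push({ kind: 'lookalike-name', resembles: known });
  }
  return findings;
}

// Audit a whole set of manifests (e.g. every node_modules/*/package.json).
function auditAll(manifests) {
  return manifests.map((m) => ({ name: m.name, findings: auditManifest(m) }));
}

// Constructed sample manifests: a look-alike with a preinstall hook, a clean
// package, and a legitimate native add-on whose install hook is expected.
const SAMPLE_MANIFESTS = [
  { name: 'electorn', version: '10.0.0', scripts: { preinstall: 'node setup.js' } },
  { name: 'lodash', version: '4.17.21' },
  { name: 'example-native-addon', version: '1.0.0', scripts: { install: 'node-gyp rebuild' } },
];

for (const entry of auditAll(SAMPLE_MANIFESTS)) {
  console.log(entry.name, JSON.stringify(entry.findings));
}
```

The third manifest is there on purpose: install hooks are common in legitimate native add-ons, so the hook finding alone is a triage signal rather than a verdict. The combination of an install hook with a look-alike name, as in the first manifest, is what should be treated as a likely malicious package.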

References

GHSA ID

GHSA-38hx-3542-8fh3