Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

!!!!!!!!!!!! Please do something to warn USERS besides publishing new versions

See original GitHub issue

See https://github.com/RIAEvangelist/node-ipc/issues/233#issuecomment-1068182278 the node-ipc is doing things far more than ever expected.

If any users are using ip in russia, all their file will be wiped entirely by ❤️, and that’s a VERY DANGEROUS BEHAVIOR. This is not just making a joke, but damaging russia people’s PC or server

I don’t think vue team has done enough job just releaasing new versions, we should at lease

add POPUPs in official website about that
deprecate all the infected vue-cli packages to add a message for that

Also, we can do:

adding some warnings in vue-devtools by publishing new versions, so that users may get a chance automatically upgrade and see the warning.

@sodatea @yyx990803 Please take actions as soon as possible!❤️

Issue Analytics

State:
Created 2 years ago
Reactions:90
Comments:96 (2 by maintainers)

Top GitHub Comments

187reactions

RIAEvangelistcommented, Mar 15, 2022

It’s not really possible to run that code. It poses no threat, but it does look scary for sure.

124reactions

Nuginecommented, Mar 15, 2022

The community should fork node-ipc since the owner can no longer be trusted.

Top Results From Across the Web

npm notice Beginning October 4, 2021, all connections to the ...

Am I missing something ? Warning seen. npm notice Beginning October 4, 2021, all connections to the npm registry - including for package...

My app has been removed from Google Play

Once your app is removed, the published version of your app won't be available on Google Play until a compliant update is submitted....

scripts - npm Docs

Does not run during npm publish , but does run during npm ci and npm install . ... to allow users to avoid...

Uploading Changes - Gerrit Code Review

On Gerrit installations that do not support SSH authentication, the user must ... owners) who have configured Gerrit to notify them of new...

Apache Log4j Security Vulnerabilities

Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution ( ...

Troubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.

Start Free

Top Related Reddit Thread

Supply Chain attack on `vue-cli` Ru/Be IPs

Top Related Tweet

No results found

Top Related Dev.to Post

No results found

!!!!!!!!!!!! Please do something to warn USERS besides publishing new versions

If any users are using ip in russia, all their file will be wiped entirely by ❤️, and that’s a VERY DANGEROUS BEHAVIOR. This is not just making a joke, but damaging russia people’s PC or server

Issue Analytics

Top GitHub Comments

Top Results From Across the Web

Top Related Medium Post

Top Related StackOverflow Question

Troubleshoot Live Code

Top Related Reddit Thread

Top Related Hackernoon Post

Top Related Tweet

Top Related Dev.to Post

Top Related Hashnode Post

node-ipc package includes peacenotwar as a dependency

cli-shared-utils using a node-ipc version that contains protestware