Topic

open-source

Collection size
2 articles
IT Services Circle
Mar 17, 2022 · Information Security

Malicious npm Packages: The “peacenotwar” Incident and Its Impact on the Frontend Ecosystem

The article exposes a malicious npm package called peacenotwar, which a politically motivated author injected into node-ipc, a dependency of vue-cli. The package creates a hostile file on the systems of users in Russia and Belarus, which prompted npm to block the package and highlights the fragility of the frontend supply chain.

frontend ecosystem · malicious code · node-ipc
Selected Java Interview Questions
Apr 22, 2022 · Information Security

Supply Chain Poisoning in node-ipc: Analysis, Impact, and Mitigation

Developers discovered that the npm package node‑ipc, widely used in vue‑cli, contained a malicious “peacenotwar” payload targeting Russian and Belarusian IPs, prompting security analysis, discussion of open‑source supply‑chain risks, and detailed remediation steps including package updates and code removal.

Vue CLI · node-ipc · npm