Security News > 2022 > March > BIG sabotage: Famous npm package deletes files to protest Ukraine war
This month, the developer behind the popular npm package 'node-ipc' released sabotaged versions of the library in protest of the ongoing Russo-Ukrainian War.
Newer versions of the 'node-ipc' package began deleting all data and overwriting all files on developer's machines, in addition to creating new text files with "Peace" messages.
Select versions of the massively popular 'node-ipc' package were caught containing malicious code that would overwrite or delete arbitrary files on a system for users based in Russia and Belarus.
Chaos unfolded when select npm versions of the famous 'node-ipc' library-also maintained by RIAEvangelist, were seen launching a destructive payload to all data and overwrite all files of users installing the package.
Snyk researchers suspect that 'node-ipc' versions 10.1.1 and 10.1.2 that caused blatant damage to the system were taken down by npm within 24 hours of publication.
Note 'node-ipc' versions 11.0.0 and above remain available on npm.