GMS-2020-242: Malicious code in `electorn`

October 1, 2020 (updated October 4, 2021)

npm packages loadyaml and electorn were removed from the npm registry for containing malicious code. Upon installation the package runs a preinstall script that writes a public comment on GitHub containing the following information:

IP and IP-based geolocation
home directory name
local username

The malicious packages have been removed from the npm registry and the leaked content removed from GitHub.

References

github.com/advisories/GHSA-38hx-3542-8fh3
www.npmjs.com/advisories/1562

Code Behaviors & Features

Detect and mitigate GMS-2020-242 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →