GMS-2020-347: Malicious code in `loadyaml`

October 1, 2020 (updated October 4, 2021)

npm packages loadyaml and electorn were removed from the npm registry for containing malicious code. Upon installation the package runs a preinstall script that writes a public comment on GitHub containing the following information:

IP and IP-based geolocation
home directory name
local username

The malicious packages have been removed from the npm registry and the leaked content removed from GitHub.

References

github.com/advisories/GHSA-mfc2-93pr-jf92
www.npmjs.com/advisories/1563

Code Behaviors & Features

Detect and mitigate GMS-2020-347 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →