GMS-2020-479: Malicious Package

September 2, 2020 (updated September 30, 2021)

of rimrafall contains malicious code as a preinstall script. The package attempts to remove all files in the system’s root folder. If you installed this package it is likely your machine was erased. If not, remove the package from your system and verify if any files were deleted.

References

github.com/advisories/GHSA-8hq2-fcqm-39hq
www.npmjs.com/advisories/913

Code Behaviors & Features

Detect and mitigate GMS-2020-479 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →