LOW

GHSA-8gr3-2gjw-jj7g

Hidden functionality in node-ipc

Details

The package node-ipc version 9.2.2 is vulnerable to hidden functionality that was introduced by the maintainer. The package uses a dependency that writes a file to disk that does not pertain to the functionality of the package and is not included in versions < 9.2.2.

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / node-ipc

No fixed version published yet for node-ipc (npm). Pin to a known-safe version or switch to an alternative.

References

https://github.com/RIAEvangelist/node-ipc [PACKAGE]
https://github.com/RIAEvangelist/node-ipc/releases/tag/9.2.2 [WEB]