Name of the Vulnerable Software and Affected Versions loadyaml (affected versions not specified) electorn (affected versions not specified)

Description The issue concerns malicious code in npm packages. Upon installation, the packages run a preinstall script that writes a public comment on GitHub, leaking sensitive information including IP and IP-based geolocation, home directory name, and local username.

Recommendations For loadyaml, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For electorn, at the moment, there is no information about a newer version that contains a fix for this vulnerability.