Name of the Vulnerable Software and Affected Versions loadyaml (affected versions not specified) electorn (affected versions not specified)

Description The issue concerns malicious code in npm packages. Upon installation, the packages run a preinstall script that exposes sensitive information, including IP and IP-based geolocation, home directory name, and local username, by writing a public comment on GitHub. The malicious packages have been removed from the npm registry, and the leaked content has been removed from GitHub.

Recommendations For loadyaml, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For electorn, at the moment, there is no information about a newer version that contains a fix for this vulnerability.