electorn was removed from the npm registry for containing malicious code. Upon installation the package runs a preinstall script that writes a public comment on GitHub containing the following information:
- IP and IP-based geolocation
- home directory name
- local username
Remove the package from your environment. The malicious packages have been removed from the npm registry and the leaked content removed from GitHub.
publishedAdvisory PublishedOct 1st, 2020
reportedReported by UnknownOct 1st, 2020