[possible malware alert] forked package `log-electron` contains a possibly-malicious payload loader.
minho-comcom-ai opened this issue · 1 comments
minho-comcom-ai commented
https://github.com/carfulot/log-electron was forked from this repo and published via npmjs (https://www.npmjs.com/package/log-electron).
Renaming PR contains the malware loader code: https.request(logPkgJson.testing
and the payload location: https://raw.githubusercontent.com/carfulot/log-electron/master/src/core/testing
in package.json
CC: @megahertz @github @npm
megahertz commented
Thanks, reported