trojan in one of your dependencies, supply chain attack... #3
Comments
|
@cedricwalter wasn't present for us during dev. I'm taking a look into it. Thanks for the report! |
|
you can not do anything about it, maybe upgrade this dependency and hope trojan is not inside, The maintainer of that dependencies need to act. Poisonning 3rd party dependencies is more and more common these days :-( |
|
@cedricwalter happy to report these Trojan's were false positives interacting with Windows Defender, related tickets. For reference, here, and here. Regardless it makes sense to rollback the offending electron-build devDependency to unaffected 21.2.0 which is still compatible with create distributions of node-explorer. Note: this issue had no affect on Window's Release binaries. The package was devDependency affecting windows users with Windows Defender. You can now |
I did empty NPM cache, mine at
C:\Users\{username}\AppData\Roaming\npm-cachea Windows Defender scan find:
virus Trojan:Win32/Woreflint.A!cl
file: C:\Users\{username}\AppData\Roaming\npm-cache\_cacache\content-v2\sha512\81\8f\400685798e1ebb22b3c4c05f3547c97d2f013746a1d4c94deb20a8adc2a3292a1a653793990ba5841ce5cedd787088b08896bf4b2c8e8e3e1af76e6b5022->(GZip)->package/win/ia32/app-builder.exeThe text was updated successfully, but these errors were encountered: