Security issue? node-ipc

Describe the problem/error/question

Hi, my Sec Team contacted me regarding a node package node-ipc. path: .n8n/nodes/node_modules/node-ipc (https://www.npmjs.com/package/node-ipc), which popped up as CVE.


Any idea? It could be a false positive, the package after inspection doesn’t look suspicious.

Information on your n8n setup

  • n8n version:
  • **Database (default: SQLite):SQLite
  • n8n EXECUTIONS_PROCESS setting (default: own, main):
  • **Running n8n via (Docker, npm, n8n cloud, desktop app):npm
  • **Operating system:AWS Linux AMI 2023

Hi @Kool_Baudrillard,

I suspect it is related to Protestware - How node-ipc turned into malware | LunaTrace but I can’t see it as an n8n dependency, Looking at the path it seems to be in your custom nodes folder. Are you using any community nodes? Maybe the Community Discord node or Puppeteer which seem to use node-ipc.

1 Like

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.