Security issue? node-ipc

Questions
1

Describe the problem/error/question

Hi, my Sec Team contacted me regarding a node package node-ipc. path: .n8n/nodes/node_modules/node-ipc (https://www.npmjs.com/package/node-ipc), which popped up as CVE.

MicrosoftTeams-image (4)
MicrosoftTeams-image (4)945×565 46.6 KB

MicrosoftTeams-image (5)
MicrosoftTeams-image (5)929×399 46.1 KB

Any idea? It could be a false positive, the package after inspection doesn’t look suspicious.

Information on your n8n setup

  • n8n version:
  • **Database (default: SQLite):SQLite
  • n8n EXECUTIONS_PROCESS setting (default: own, main):
  • **Running n8n via (Docker, npm, n8n cloud, desktop app):npm
  • **Operating system:AWS Linux AMI 2023
3

Hi @Kool_Baudrillard,

I suspect it is related to Protestware - How node-ipc turned into malware | LunaTrace but I can’t see it as an n8n dependency, Looking at the path it seems to be in your custom nodes folder. Are you using any community nodes? Maybe the Community Discord node or Puppeteer which seem to use node-ipc.

1 Like