The peacenotwar module appears to write a file to the user's PC. README includes:<p><pre><code> "This code serves as a non-destructive example of why controlling your node modules is important. It also serves as a non-violent protest against Russia's aggression that threatens the world right now. This module will add a message of peace on your users' desktops, and it will only do it if it does not already exist just to be polite."
</code></pre>
Link to peacenotwar: <a href="https://github.com/RIAEvangelist/peacenotwar" rel="nofollow">https://github.com/RIAEvangelist/peacenotwar</a><p>An of course the issues come in: <a href="https://github.com/RIAEvangelist/node-ipc/issues" rel="nofollow">https://github.com/RIAEvangelist/node-ipc/issues</a>
More detailed write-up on what exactly happened with node-ipc and the events that lead to it from a week ago (March 8th) here: <a href="https://snyk.io/blog/peacenotwar-malicious-npm-node-ipc-package-vulnerability/" rel="nofollow">https://snyk.io/blog/peacenotwar-malicious-npm-node-ipc-pack...</a>