MAL-2025-25475 Malicious code in loadyaml (npm)

The package loadyaml was found to contain malicious code...

Malicious code in loadyaml (npm)

The package loadyaml was found to contain malicious code...

Malicious Package

loadyaml is a malicious package. The package exfiltrates IP, IP-based geolocation, home directory name, and local username through a preinstall script during installation...

Malicious Package

loadyaml is a malicious package. The package exfiltrates IP, IP-based geolocation, home directory name, and local username through a preinstall script during installation...

Malicious code in `loadyaml`

npm packages loadyaml and electorn were removed from the npm registry for containing malicious code. Upon installation the package runs a preinstall script that writes a public comment on GitHub containing the following information: - IP and IP-based geolocation - home directory name - local...

GHSA-MFC2-93PR-JF92 Malicious code in `loadyaml`

npm packages loadyaml and electorn were removed from the npm registry for containing malicious code. Upon installation the package runs a preinstall script that writes a public comment on GitHub containing the following information: - IP and IP-based geolocation - home directory name - local...

GHSA-38HX-3542-8FH3 Malicious code in `electorn`

npm packages loadyaml and electorn were removed from the npm registry for containing malicious code. Upon installation the package runs a preinstall script that writes a public comment on GitHub containing the following information: - IP and IP-based geolocation - home directory name - local...