IT Services Circle

Mar 17, 2022 · Information Security

Malicious npm Packages: The “peacenotwar” Incident and Its Impact on the Frontend Ecosystem

The article exposes a malicious npm package called peacenotwar, injected by a politically motivated author into the node‑ipc dependency of vue‑cli, which creates a hostile file on users in Russia and Belarus, prompting npm to block the package and highlighting the fragility of the frontend supply chain.