SUPPLY-CHAIN REPORT

riaevangelist/node-ipc

A nodejs module for local and remote Inter Process Communication (IPC), Neural Networking, and able to facilitate machine learning.

VERDICTCOMPROMISED·82/100

View on GitHub →

STARS

FORKS

OPEN ISSUES

LANGUAGE

JavaScript

LICENSE

MIT

LAST PUSH

2026-02-28

SIGNALS

WARN

Historical supply-chain incidents

1 known incident on record. Worst: node-ipc peacenotwar protestware (CVE-2022-23812).

Historical security advisories

No published security advisories on this repo.

Maintenance activity

Actively maintained. Last push 47 days ago.

Ecosystem trust

62 stars.

License

MIT

HISTORICAL INCIDENTS (1)

HIGH2022-03-15

node-ipc peacenotwar protestware (CVE-2022-23812)

Maintainer added code that wipes filesystems on machines geolocated to Russia/Belarus. Shipped in transitive dep of Vue CLI and others. Classified as malware by Snyk.

Source →

METHODOLOGY

This report is generated on demand by querying the GitHub API for repository metadata and published security advisories, then cross-referencing our curated database of known supply-chain incidents (xz-utils, event-stream, ua-parser-js, colors.js, tj-actions, Codecov, and more). Results are cached for 24 hours. We do not scan repository code or dependencies — for that, see Snyk or Socket. Verdict: CLEAN ≥80, CAUTION 50–79, COMPROMISED<50.

SCAN A DEPLOYED SITE

Repo looks clean but the live deployment might still be exposing headers, CORS, or SSL misconfigurations.

SCAN A URL →

SCANNING riaevangelist/node-ipc...