Severity: Critical
CVSS Score: 10
The npm packages `loadyaml` and `electorn` were removed from the npm registry for containing malicious code. Upon installation, each package runs a preinstall script that writes a public comment on GitHub containing the following information:

- IP and IP-based geolocation
- home directory name
- local username

The malicious packages have been removed from the npm registry and the leaked content removed from GitHub.
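To check whether a project still references either package, the following added example (not part of the original advisory) audits a parsed `package-lock.json` for the two names above and also lists any other dependency that declares install-time scripts. The function names, the sample lockfile and its version strings are constructed for illustration.

```javascript
// Package names taken from the advisory text.
const KNOWN_MALICIOUS = new Set(["loadyaml", "electorn"]);

// "node_modules/a/node_modules/@s/b" -> "@s/b"
function nameFromPath(path) {
  const i = path.lastIndexOf("node_modules/");
  return i === -1 ? path : path.slice(i + "node_modules/".length);
}

function auditLockfile(lock) {
  const findings = [];
  const record = (name, version, location, hasInstallScript) => {
    if (KNOWN_MALICIOUS.has(name)) {
      findings.push({ kind: "malicious", name, version, location });
    } else if (hasInstallScript) {
      // Not malicious by itself, but worth reviewing: it runs code at install time.
      findings.push({ kind: "install-script", name, version, location });
    }
  };
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  // An aliased install carries the real package name in meta.name.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // root project entry
    record(meta.name || nameFromPath(path), meta.version, path, meta.hasInstallScript === true);
  }
  // lockfileVersion 1: nested "dependencies" tree (carries no install-script flag).
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      record(name, meta.version, [...trail, name].join(" > "), false);
      walk(meta.dependencies, [...trail, name]);
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);
  return findings;
}

// Constructed sample lockfile (not taken from a real project).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/js-yaml": { version: "4.1.0" },
    "node_modules/electorn": { version: "0.0.0-sample", hasInstallScript: true },
    "node_modules/builder/node_modules/loadyaml": { version: "0.0.0-sample" },
    "node_modules/native-addon": { version: "2.0.0", hasInstallScript: true },
  },
};

console.log(auditLockfile(SAMPLE_LOCK));
```

In a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `auditLockfile`. A `malicious` finding means the host that ran the install should be treated as having disclosed the data listed above.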