fix: node-ipc

[atian25]

https://github.com/RIAEvangelist/node-ipc/issues/233

[gemwuu]

LGTM

[github-actions]

🎉 This PR is included in version 1.70.6 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀

[hax]

有鉴于此模块的有意行为（包括更恶劣的根据IP覆盖文件），光针对特定版本可能还不够，可能需要暂时直接锁定后续所有版本。

[fengmk2]

有鉴于此模块的有意行为（包括更恶劣的根据IP覆盖文件），光针对特定版本可能还不够，可能需要暂时直接锁定后续所有版本。

我会先锁定 node-ipc 的更新同步

[atian25]

@fengmk2 是不是顺便把这 3 个版本先手动删掉？避免用 npm/yarn/pnpm 连 npmmirrror 的用户受到影响。

新版 cnpm registry 好像没有迁移这个：cnpm/cnpmcore#184

[hax]

Copy from vuejs/vue-cli#7054 (comment)

The behavior — committed malicious code, deleted comments which expose such code, revoked the api key after been exposed and promoted the sophistry that the code not work because api key is not valid — make me think the guy is not worth trust anymore. I strongly suggest npmmirror not only blacklist node-ipc but all his packages.

[atian25]

https://snyk.io/blog/peacenotwar-malicious-npm-node-ipc-package-vulnerability/

[SekiBetu]

好吓人啊