peacenotwar is a piece of malware, which has been characterized as protestware,[1] created by Brandon Nozaki Miller.
Between 7 March and 8 March 2022, Brandon Nozaki Miller, the maintainer of the node-ipc package on the npm package registry, released two updates allegedly containing malicious code targeting systems in Russia and Belarus (CVE-2022-23812).
This code recursively overwrites all files on the user's system drive with heart emojis.
[2][3][4][5][6][7][8][9] A week later, Miller added the peacenotwar module as a dependency to node-ipc.
[10] The function of peacenotwar was to create a text file titled WITH-LOVE-FROM-AMERICA.txt on the desktop of affected machines, containing a message in protest of the Russo-Ukrainian War; it also imports a dependency on a package (npm colors package) that would result in a Denial of Service (DoS) to any server using it.