I’m on a Mac - and I have no technical background in computing. I can kind of work stuff out but please explain like I’m five in regards to what I should do/how to deal with this?
Also - before anyone says it, I’m aware of the whole ‘McAfee is a trojan thing’ - I’m just equally not tech literate enough to figure out how to properly uninstall the bloomin thing (I’m supposed to have it on my mac for work).
Hi @Zaber, I would say if you make 100% sure you are downloading daedalus from the official location (Daedalus - Downloads)
you can treat this as a false positive (means: you can ignore this warning).
My previous post that I deleted basically said I could not find anything on that script. Then I dug a little deeper and found something!
Seems it is part of the Trezor HD wallet perhaps? Even though it’s not part of the Daedalus project there are tons of additional 3rd party dependencies that IOHK doesn’t maintain or make themselves that get downloaded and used under the covers.
It could be a false positive, it could be a vulnerability in a dependency, it could be straight up malware, it could be a lot of things. I am not sure IOHK would know as they don’t develop this. Seems like they need some auditing and security plans for when exploits and hacks inevitably does make it into NPM (like they do every day).
The dependencies of my dependencies are my enemies! Perhaps ask Ryan Dahl about his greatest regrets sometime?