Hacker News
Node-ipc added dependency on maintainer's peacenotwar module (github.com/riaevangelist)
2 points by mrmattyboy on March 16, 2022 | 4 comments


The peacenotwar module appears to write a file to the user's PC. README includes:

  "This code serves as a non-destructive example of why controlling your node modules is important. It also serves as a non-violent protest against Russia's aggression that threatens the world right now. This module will add a message of peace on your users' desktops, and it will only do it if it does not already exist just to be polite."
Link to peacenotwar: https://github.com/RIAEvangelist/peacenotwar

And of course the issues come in: https://github.com/RIAEvangelist/node-ipc/issues


Maybe not just adding a file. Apparently, a historical version (about a week ago) also tries to overwrite files with “red heart (U+2764)” emoji. This affects all files in “$PWD/../..”.


Correct, specifically it was versions 10.1.1 and 10.1.2 that did so, and as of now they are removed.


More detailed write-up on what exactly happened with node-ipc and the events that led to it from a week ago (March 8th) here: https://snyk.io/blog/peacenotwar-malicious-npm-node-ipc-pack...
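
As an added example (not code from the thread or from either project), this Node.js script audits a parsed package-lock.json for the two things the comments above name: node-ipc at 10.1.1 or 10.1.2, and any copy of peacenotwar. It handles npm's nested lockfileVersion 1 layout and the flat `packages` map of versions 2 and 3; the function names and both sample lockfiles are constructed for illustration.

```javascript
// Added example: audit a parsed package-lock.json for the packages named in this thread.
const FLAGGED_VERSIONS = new Map([['node-ipc', new Set(['10.1.1', '10.1.2'])]]);
const FLAGGED_ANY_VERSION = new Set(['peacenotwar']);

function check(name, version, where, findings) {
  if (FLAGGED_ANY_VERSION.has(name)) {
    findings.push({ name, version, where, reason: 'module present' });
  } else if (FLAGGED_VERSIONS.get(name)?.has(version)) {
    findings.push({ name, version, where, reason: 'flagged version' });
  }
}

// lockfileVersion 1: nested "dependencies" tree, so recurse and keep the trail.
function walkV1(deps, trail, findings) {
  for (const [name, info] of Object.entries(deps || {})) {
    check(name, info.version, [...trail, name].join(' > '), findings);
    walkV1(info.dependencies, [...trail, name], findings);
  }
}

// lockfileVersion 2/3: flat "packages" map keyed by install path.
function walkPackages(packages, findings) {
  for (const [path, info] of Object.entries(packages)) {
    if (path === '') continue; // the root project itself
    const name = info.name || path.split('node_modules/').pop();
    check(name, info.version, path, findings);
  }
}

function auditLockfile(lock) {
  const findings = [];
  if (lock.packages) walkPackages(lock.packages, findings);
  else walkV1(lock.dependencies, [], findings);
  return findings;
}

// Constructed sample lockfiles (not taken from any real project; versions are made up
// apart from the two node-ipc versions named in the thread).
const SAMPLE_V1 = { lockfileVersion: 1, dependencies: {
  'some-cli': { version: '1.0.0', dependencies: {
    'node-ipc': { version: '10.1.1' } } },
  'node-ipc': { version: '9.0.0' } } };
const SAMPLE_V3 = { lockfileVersion: 3, packages: {
  '': { name: 'demo-app', version: '0.0.1' },
  'node_modules/node-ipc': { version: '9.0.0' },
  'node_modules/peacenotwar': { version: '1.0.0-sample' },
  'node_modules/some-cli/node_modules/node-ipc': { version: '10.1.2' } } };

console.log(auditLockfile(SAMPLE_V1), auditLockfile(SAMPLE_V3));
```

To check a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` to `auditLockfile`; transitive copies matter because node-ipc is usually pulled in by another package rather than installed directly.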



