SFU server contains malicious Malware


The SFU server is a new component introduced in Unreal Engine 5 Pixel Streaming.
NPM (the package management module of Node JS) prompted us with a severe warning that one of the packages that the Pixel Streaming of Unreal Engine 5 is using (specifically the SFU server) contains malicious Malware.

The malware is in the NPM dependency called “mediasoup-sdp-bridge” and there is currently no resolution or fix, as the malware was only detected 8 days ago.



The following screenshot is from the attempt to install the mentioned package

Any idea when it will be fixed?


1 Like