Hey,
The SFU server is a new component introduced in Unreal Engine 5 Pixel Streaming.
NPM (the package management module of Node JS) prompted us with a severe warning that one of the packages that the Pixel Streaming of Unreal Engine 5 is using (specifically the SFU server) contains malicious Malware.
The malware is in the NPM dependency called “mediasoup-sdp-bridge” and there is currently no resolution or fix, as the malware was only detected 8 days ago.
https://github.com/advisories/GHSA-3w5f-9w2h-24wq
https://security.snyk.io/vuln/SNYK-JS-MEDIASOUPSDPBRIDGE-2952696
The following screenshot is from the attempt to install the mentioned package
Any idea when it will be fixed?
Thanks