Googling it brought up this package from npm, which actually claims it was taken down for containing malicious code, but I couldn't find anything in the actual advisories, and I'm not convinced this is the package contained in Kibana.
Before I ask IT to whitelist this, does anyone have any insight into why this might be happening and if there's an actual security risk? This happens on fresh installs on Windows or Linux and without any plugins installed.
This happens to us on multiple deployments, most of which are on 7.17.3; however, it also happens for a brand new 8.4 cluster.
As mentioned, we can solve this by whitelisting, but we would obviously still prefer it if we could figure out why this package is being blocked in the first place.
The file kbn-ui-shared-deps-npm.dll.js is not an npm package; it is a bundle we build as part of the Kibana build with a couple of stateful node_modules we use in Kibana. This file is served through a package called @kbn/ui-shared-deps-npm, which is in the node_modules folder, but it's not distributed over npm. We build it locally and ship it as part of the Kibana distributable.