Npm javascript supply chain attack: event stream

From razwiki
Revision as of 14:01, 27 December 2022 by Razzi (talk | contribs) (Created page with "https://github.com/dominictarr/event-stream/issues/116 - "I don't know what to say." In November 2018, it was discovered that a malicious package had been added as a dependen...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

https://github.com/dominictarr/event-stream/issues/116 - "I don't know what to say."

In November 2018, it was discovered that a malicious package had been added as a dependency to version 3.3.6 of the popular package event-stream. The malicious package, called flatmap-stream, contained an encrypted payload that stole bitcoins from certain applications. npm administrators removed the offending package.

Retrieved from "https://wiki.abuissa.net/index.php?title=Npm_javascript_supply_chain_attack:_event_stream&oldid=412"