Npm javascript supply chain attack: event stream: Difference between revisions
Jump to navigation
Jump to search
(Created page with "https://github.com/dominictarr/event-stream/issues/116 - "I don't know what to say." In November 2018, it was discovered that a malicious package had been added as a dependen...") |
(No difference)
|
Latest revision as of 15:01, 27 December 2022
https://github.com/dominictarr/event-stream/issues/116 - "I don't know what to say."
In November 2018, it was discovered that a malicious package had been added as a dependency to version 3.3.6 of the popular package event-stream. The malicious package, called flatmap-stream, contained an encrypted payload that stole bitcoins from certain applications. npm administrators removed the offending package.