marcosmartinez7
commented
5 years ago Seems that i was using a older version of nodemon.
Closed marcosmartinez7 closed 5 years ago
marcosmartinez7
commented
5 years ago Seems that i was using a older version of nodemon.
Detected this issue today
The problem is related to this: https://medium.com/intrinsic/compromised-npm-package-event-stream-d47d08605502
I check who is including that library and i found this:
And then event-stream
I also found this library using the event stream.. so i search who imported that lib:
Found this
Then i check for that library and i found this on the package.lock and yarn.lock.
Any ideas if this is related with nodemon or gulp-nodemon?