Cloning the repo and performing an npm install is currently not possible without first deleting the package-lock.json. Something in the lockfile is referencing a version of event-stream that was pulled off npm because of a vulnerability involving stealing cryptocurrency.
Had the same problem. Edited package.json to change "npm-run-all" to version "^4.1.5". npm install then worked fine (without having to delete package-lock.json).
Cloning the repo and performing an
npm install
is currently not possible without first deleting the package-lock.json. Something in the lockfile is referencing a version of event-stream that was pulled off npm because of a vulnerability involving stealing cryptocurrency.