dominictarr / JSONStream

rawStream.pipe(JSONStream.parse()).pipe(streamOfObjects)

FYI: "event-stream" dependency is backdoored, apparently starting from v3.3.5 #167

Closed vladimiry closed 5 years ago

vladimiry commented 5 years ago

https://github.com/dominictarr/event-stream/issues/116

Preliminary analysis:

doowb commented 5 years ago

Thanks for the warning.

This library uses event-stream in devDependencies and it's specified as 0.7.0, which means that only versions >= 0.7.0 and < 0.8.0 will be installed.

I'm going to close this since there's nothing to do here, but thanks again for the warning.
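A check along the lines discussed in this thread, as an added example that is not part of the original issue or of JSONStream's code: it walks an npm lockfile (assumed to use the lockfileVersion 1 layout with nested `dependencies`) and reports every installed copy of `event-stream` at or above 3.3.5, the version named in the issue title. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: find installed copies of a package at or above a given
// version anywhere in a lockfile tree, including transitive dependencies.

// Compare two plain x.y.z versions; prerelease tags are ignored (assumption).
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Recursively collect matches, recording the dependency path and dev flag.
// firstBad defaults to 3.3.5, the version given in this issue's title.
function findAffected(lock, name = 'event-stream', firstBad = '3.3.5') {
  const found = [];
  (function walk(deps, path) {
    for (const [dep, info] of Object.entries(deps || {})) {
      const here = path.concat(`${dep}@${info.version}`);
      if (dep === name && compareVersions(info.version, firstBad) >= 0) {
        found.push({ path: here.join(' > '), version: info.version, dev: !!info.dev });
      }
      walk(info.dependencies, here); // nested copies pulled in transitively
    }
  })(lock.dependencies, []);
  return found;
}

// Constructed sample lockfile, not taken from any real project.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    'event-stream': { version: '0.7.0', dev: true }, // pinned to the 0.7.x line
    'some-tool': {
      version: '1.2.0',
      dev: true,
      dependencies: { 'event-stream': { version: '3.3.6', dev: true } },
    },
    'other-lib': {
      version: '2.0.0',
      dependencies: { 'event-stream': { version: '3.3.4' } },
    },
  },
};

console.log(findAffected(sampleLock));
```

The direct 0.7.0 entry is not reported, while a copy pulled in by another package is, which is why the lockfile rather than only the top-level `package.json` range is worth checking.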