gulp-nightwatch depended on event-stream which contained a version of flatmap-stream (which was the infected package). The version of the flatmap-stream package we used did not contain the malware according to the people handling the forensics in the above linked issue, but it's been removed from npm, thus causing npm/yarn to fail when setting up encryptic.
Actions taken: I've removed gulp-nightwatch for the time being. All of the gulp stuff needs to be updated anyway.
See https://github.com/dominictarr/event-stream/issues/116 for all the sordid details.
gulp-nightwatch depended on event-stream which contained a version of flatmap-stream (which was the infected package). The version of the flatmap-stream package we used did not contain the malware according to the people handling the forensics in the above linked issue, but it's been removed from npm, thus causing npm/yarn to fail when setting up encryptic.
Actions taken: I've removed gulp-nightwatch for the time being. All of the gulp stuff needs to be updated anyway.
Hooray npm!