search

mysticatea / npm-run-all

A CLI tool to run multiple npm-scripts in parallel or sequential.
MIT License
5.7k stars 242 forks source link

Effected Bitcoin stealer #154

Closed whomwah closed 5 years ago

whomwah commented 5 years ago

Hi, I think this lib is effected by this bitcoin stealer. flatmap-stream has now been removed from NPM:

└─┬ npm-run-all@4.1.3
  └─┬ ps-tree@1.1.0
    └─┬ event-stream@3.3.6
      └── flatmap-stream@0.1.2

https://github.com/dominictarr/event-stream/issues/116 https://www.theregister.co.uk/2018/11/26/npm_repo_bitcoin_stealer/

mysticatea commented 5 years ago

Thank you for the report.

However, this is a duplicate of #149, #150, #152, and #153. I have already published v4.1.5 to address it in the last week.

whomwah commented 5 years ago

Sorry 👍