Closed finebalancetech closed 5 years ago
I pushed a commit to the master branch a couple of hours ago that addresses this. Could you check if you're on latest please?
Hi Marjan... I'm using a fork which has not yet updated: https://github.com/swimlane/ngx-charts/pull/555
Trying to get custom data into the tooltip is not possible with the current master... :/
Yup, make sure you merge the upstream master branch into the fork if you're using one. Otherwise, deleting package-lock.json and reinstalling the packages should get rid of the malicious package.
Closing this one.
While compiling ngx-charts I discovered it was trying to install flatmap-stream 0.1.1, which is a malicious dependency introduced by a compromised event-stream package.
Please read: https://github.com/dominictarr/event-stream/issues/116
All ngx-charts devs, check if you are affected:
npm ls event-stream flatmap-stream
If you see flatmap-stream 0.1.1 as a dependency, your build is likely compromised.
I recommend clearing your npm cache:
npm cache clean --force
And reinstalling dependencies: npm i
NPM is aware of the issue and has removed the malicious package, so subsequent installs depending on that package will fail, like this:
npm ERR! code E404
npm ERR! 404 Not Found: flatmap-stream@https://registry.npmjs.org/flatmap-stream/-/flatmap-stream-0.1.1.tgz
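A lockfile can also be checked directly, without running an install, which helps with stale forks and CI. The sketch below is an added example, not code from this thread or from ngx-charts: findBad and the sample lockfiles are hypothetical names and constructed data, and only flatmap-stream 0.1.1 is taken from the issue.

```javascript
// Added example (not from the thread): scan a parsed package-lock.json.
const BAD = { name: "flatmap-stream", version: "0.1.1" }; // from the issue text
const NM = "node_modules/";

// Returns [{ path, requiredBy }] for every locked copy of BAD.
function findBad(lock) {
  const entries = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [p, meta] of Object.entries(lock.packages || {})) {
    if (!p.includes(NM)) continue; // root project or workspace folder
    const name = p.slice(p.lastIndexOf(NM) + NM.length);
    entries.push({ name, path: p, version: meta.version, deps: meta.dependencies || {} });
  }
  // lockfileVersion 1: nested "dependencies" tree with "requires" maps.
  // Skipped when "packages" exists, because v2 files carry both views.
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = prefix + NM + name;
      entries.push({ name, path, version: meta.version, deps: meta.requires || {} });
      walk(meta.dependencies, path + "/");
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");

  // Every locked package that declares a dependency on BAD.name.
  const parents = entries
    .filter((e) => BAD.name in e.deps)
    .map((e) => `${e.name}@${e.version}`);
  return entries
    .filter((e) => e.name === BAD.name && e.version === BAD.version)
    .map((e) => ({ path: e.path, requiredBy: parents }));
}

// Constructed lockfiles; the event-stream version and ranges are placeholders.
const dep = { "flatmap-stream": "^0.1.0" };
const sampleV1 = { lockfileVersion: 1, dependencies: {
  "event-stream": { version: "0.0.0-constructed", requires: dep },
  "flatmap-stream": { version: "0.1.1" },
} };
const sampleV3 = { lockfileVersion: 3, packages: {
  "": { name: "app" },
  "node_modules/event-stream": { version: "0.0.0-constructed", dependencies: dep },
  "node_modules/event-stream/node_modules/flatmap-stream": { version: "0.1.1" },
} };
console.log(findBad(sampleV1), findBad(sampleV3));
```

To scan a real project, pass findBad the result of JSON.parse on the contents of its package-lock.json; an empty array means the lockfile does not pin flatmap-stream 0.1.1.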