Visual Studio App Center CLI Customers - Event-Stream Package Security Update and Next Steps

added by DotNetKicks
12/10/2018 2:44:50 PM

1 Kicks, 614 Views

On Nov 26, 2018, the npm security team removed `flatmap-stream` from the popular `[email protected]` package. In late September, `flatmap-stream` had been added as a dependency by a GitHub developer identified as "right9control" in an apparent attempt to attack the `ps-tree` package running in copay, a cryptocurrency wallet.