Please update to latest gulp-tap to avoid a security concern
dkemper01 opened this issue · 1 comments
dkemper01 commented
Notice gulp-jscs-stylish
has a dep on gulp-tap
version which in turn has a dep on a version of event-stream
to which a known malicious actor has publishing rights.
dominictarr/event-stream#116 (comment)
prompt> npm ls event-stream flatmap-stream
***@***
+-- gulp-angular-templatecache@2.2.1
| +-- event-stream@3.3.4
| `-- gulp-footer@2.0.1
| `-- event-stream@3.3.4 deduped
+-- gulp-inject@3.0.0
| `-- event-stream@3.3.4 deduped
`-- gulp-jscs-stylish@1.4.0
`-- gulp-tap@0.1.3
`-- event-stream@3.1.7
Please note event-stream
is now being maintained by the npm team.
microsoft/monaco-editor#1211 (comment)
codepunkt commented
Thanks for the information - i didn't think this old thing would've been affected. As i haven't been using this for ages and don't plan on maintaining this anymore, please create and use a fork!