codepunkt/gulp-jscs-stylish

Please update to latest gulp-tap to avoid a security concern

dkemper01 opened this issue · 1 comments

Notice gulp-jscs-stylish has a dep on a gulp-tap version which in turn has a dep on a version of event-stream to which a known malicious actor has publishing rights.

dominictarr/event-stream#116 (comment)

prompt> npm ls event-stream flatmap-stream
***@***
+-- gulp-angular-templatecache@2.2.1
| +-- event-stream@3.3.4
| `-- gulp-footer@2.0.1
|   `-- event-stream@3.3.4  deduped
+-- gulp-inject@3.0.0
| `-- event-stream@3.3.4  deduped
`-- gulp-jscs-stylish@1.4.0
  `-- gulp-tap@0.1.3
    `-- event-stream@3.1.7

Please note event-stream is now being maintained by the npm team.
microsoft/monaco-editor#1211 (comment)

Thanks for the information - I didn't think this old thing would've been affected. As I haven't been using this for ages and don't plan on maintaining this anymore, please create and use a fork!
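Added example, not part of the issue thread or of the gulp-jscs-stylish project: the `npm ls event-stream flatmap-stream` check from the issue, done programmatically over the object that `npm ls --json` prints, and grouped by the direct dependency that pulls the package in. The function names, `SAMPLE_TREE` and its root name are assumptions; the sample is constructed from the versions shown in the issue.

```javascript
// Added example: walk the object printed by `npm ls --json` and list every
// dependency path ending in a watched package (names taken from the issue).
const WATCHLIST = ['event-stream', 'flatmap-stream'];

// Constructed sample mirroring the tree in the issue. The root name and
// version are placeholders because the issue redacts them.
const SAMPLE_TREE = {
  name: 'example-app', version: '0.0.0',
  dependencies: {
    'gulp-angular-templatecache': { version: '2.2.1', dependencies: {
      'event-stream': { version: '3.3.4' },
      'gulp-footer': { version: '2.0.1', dependencies: {
        'event-stream': { version: '3.3.4' } } },
    } },
    'gulp-inject': { version: '3.0.0', dependencies: {
      'event-stream': { version: '3.3.4' } } },
    'gulp-jscs-stylish': { version: '1.4.0', dependencies: {
      'gulp-tap': { version: '0.1.3', dependencies: {
        'event-stream': { version: '3.1.7' } } } } },
  },
};

// Depth-first walk; each hit is the full chain from a direct dependency
// down to the watched package, e.g. ['a@1.0.0', 'b@2.0.0', 'event-stream@x'].
function findDependencyPaths(tree, watchlist = WATCHLIST) {
  const hits = [];
  const walk = (node, trail) => {
    for (const [name, dep] of Object.entries(node.dependencies || {})) {
      // Unmet or missing entries may carry no version field.
      const path = [...trail, `${name}@${dep.version || 'unknown'}`];
      if (watchlist.includes(name)) hits.push(path);
      walk(dep, path); // deduped entries simply have no nested dependencies
    }
  };
  walk(tree, []);
  return hits;
}

// Group hits by direct dependency: these are the packages to upgrade or fork.
function affectedDirectDependencies(tree, watchlist = WATCHLIST) {
  const byDirect = {};
  for (const path of findDependencyPaths(tree, watchlist)) {
    const direct = path[0];
    byDirect[direct] = byDirect[direct] || [];
    byDirect[direct].push(path.join(' > '));
  }
  return byDirect;
}

console.log(affectedDirectDependencies(SAMPLE_TREE));
```

For a real project, pass the parsed output of `npm ls --json` in place of `SAMPLE_TREE`.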