indexzero/ps-tree

Dude you have a backdoor script

JasonShin opened this issue · 2 comments

Check this

dominictarr/event-stream#115

I'm uninstalling all the modules in relation to this until the issue is resolved ...

@JasonShin this has been reported and fixed already #33 #34

If you, like me, had ps-tree and event-stream as a dependency of a dependency, the following steps should help you get rid of the compromised package:

rm -rf node_modules/
rm package-lock.json
npm install
npm audit

Or, for you Yarn users:

rm -rf node_modules/
rm yarn.lock
yarn
yarn audit

Yes, @wkillerud is correct. This was fixed in ps-tree@1.1.1, and you can force an upgrade to it by regenerating your node_modules and package-lock.json/yarn.lock files.

Unfortunately, due to how the npm registry works, I cannot unpublish older versions of ps-tree, so copies of ps-tree@1.1.0 could still potentially be installed from older package-lock.json or yarn.lock files.
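
To check whether an existing lock file still pins the release named above, the following added example (not from this thread or from the ps-tree project) scans package-lock.json and yarn.lock text for ps-tree@1.1.0. The function names, the FLAGGED map and the sample lock files are constructed for illustration.

```javascript
// Added example: find lockfile entries that still pin a flagged release.
// FLAGGED holds the one version named in this thread; extend it as needed.
const FLAGGED = new Map([['ps-tree', ['1.1.0']]]);
const isFlagged = (name, version) => (FLAGGED.get(name) || []).includes(version);

// package-lock.json: v1 nests "dependencies"; v2/v3 add a flat "packages" map
// keyed by install path, e.g. "node_modules/a/node_modules/ps-tree".
function scanPackageLock(text) {
  const lock = JSON.parse(text);
  const hits = new Set();
  const walk = (deps, trail) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = trail.concat(name);
      if (isFlagged(name, info.version)) hits.add(`${path.join(' > ')}@${info.version}`);
      walk(info.dependencies, path);
    }
  };
  walk(lock.dependencies, []);
  for (const [key, info] of Object.entries(lock.packages || {})) {
    const path = key.split('node_modules/').filter(Boolean).map((s) => s.replace(/\/$/, ''));
    const name = path[path.length - 1];
    if (isFlagged(name, info.version)) hits.add(`${path.join(' > ')}@${info.version}`);
  }
  return [...hits].sort();
}

// yarn.lock: an unindented "name@range[, name@range]:" header, then an
// indented version line (classic: version "x"; berry: version: x).
function scanYarnLock(text) {
  const hits = [];
  let name = null;
  for (const line of text.split(/\r?\n/)) {
    if (/^[^\s#].*:$/.test(line)) {
      const spec = line.slice(0, -1).split(',')[0].trim().replace(/^"|"$/g, '');
      name = spec.slice(0, spec.lastIndexOf('@'));
    } else {
      const m = /^  version:? "?([^"\s]+)"?$/.exec(line);
      if (m && isFlagged(name, m[1])) hits.push(`${name}@${m[1]}`);
    }
  }
  return hits;
}

// Constructed sample lock files (not taken from any real project).
const SAMPLE_NPM = JSON.stringify({ lockfileVersion: 1, dependencies: {
  'some-runner': { version: '2.0.0', dependencies: { 'ps-tree': { version: '1.1.0' } } },
  'ps-tree': { version: '1.1.1' } } });
const SAMPLE_YARN = '# yarn lockfile v1\n\nps-tree@^1.1.0:\n  version "1.1.0"\n\nsome-runner@^2.0.0:\n  version "2.0.0"\n';
console.log(scanPackageLock(SAMPLE_NPM), scanYarnLock(SAMPLE_YARN));
```

Pass each function the file contents, for example from `fs.readFileSync('package-lock.json', 'utf8')`; an empty array means no flagged version is pinned in that lock file.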