Security Issue: event-stream package is compromised

Question

rand0me opened this issue 6 years ago · 3 comments

As mentioned in this issue event-stream package >= 3.3.6 is not trusted and should be downgraded to 3.3.4

Answer 1 · 2018-11-27T11:09:27.000Z

isnt 4.0.1 also acceptable? running npm ls flatmap-stream comes up empty

Answer 2 · 2018-11-27T11:26:51.000Z

pinned in v5.0.2

Answer 3 · 2018-11-27T11:27:15.000Z

Yeah, 4.0.1 version isn't affected, but some comments says:

but any future version can't be trusted

I'm just reporting the fact, so anyone can decide should it been upgraded or not