Remove event stream from transitive dependencies
Georgegriff opened this issue · 0 comments
Georgegriff commented
https://www.theregister.co.uk/2018/11/26/npm_repo_bitcoin_stealer/
Will get on this as soon as i get home.
it's a dev dependency so should only affect people who have contributed features to this package.
@jasongardnerlv You're the only person i'm aware of that installed this package locally from contribution. Might want to remove node_modules if you still have it checked out, to be sure.
Not a massive security issue, only affects people that happen to use bitcoin.