You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
on September 9, right9control added flatmap-stream as a dependency to event-stream, and then on September 16, removed the dependency by implementing the code themselves. However, this latter change was not automatically pushed out to the library's users. On October 5, flatmap-stream was altered by a user called "hugeglass" to include obfuscated code that attempted to drain Bitcoins from wallets using the software.
Thus, anyone using event-stream and pulling in the cursed flatmap-stream, rather than the rewritten code, since October 5 would be potentially hit by the malicious script. The offending code has been removed from event-stream. If it's any relief, the hidden malware is highly targeted, and not designed to attack every programmer or application using event-stream.
"
The text was updated successfully, but these errors were encountered:
"Check your repos... Crypto-coin-stealing code sneaks into fairly popular NPM lib (2m downloads per week)
https://www.theregister.co.uk/2018/11/26/npm_repo_bitcoin_stealer/
on September 9, right9control added flatmap-stream as a dependency to event-stream, and then on September 16, removed the dependency by implementing the code themselves. However, this latter change was not automatically pushed out to the library's users. On October 5, flatmap-stream was altered by a user called "hugeglass" to include obfuscated code that attempted to drain Bitcoins from wallets using the software.
Thus, anyone using event-stream and pulling in the cursed flatmap-stream, rather than the rewritten code, since October 5 would be potentially hit by the malicious script. The offending code has been removed from event-stream. If it's any relief, the hidden malware is highly targeted, and not designed to attack every programmer or application using event-stream.
"
The text was updated successfully, but these errors were encountered: