Extension affected by compromised flatmap-stream
I’m submitting a…
[ ] Regression (a behavior that used to work and stopped working in a new release)
[ ] Bug report
[ ] Feature request
[ ] Documentation issue or request
[x] Other: Security concern
Current behavior
Liveserver 5.2.0 depends on compromised package flatmap-stream.
Expected behavior
Liveserver 5.2.0 doesn’t depend on compromised package flatmap-stream.
Environment
For Tooling issues:
- Live Server: 5.2.0
- Platform: macOS High Sierra 10.13.6
- Visual Studio Code: 1.29.1
$ find ~ -name "flatmap-stream"
/Users/me/.vscode/extensions/ritwickdey.liveserver-5.2.0/node_modules/flatmap-stream
Others
See
Issue Analytics
- State:
- Created 5 years ago
- Comments:7 (4 by maintainers)
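The `find` check from the report, extended as an added example (not code from the issue or from Live Server): it walks a root such as `~/.vscode/extensions`, finds every `node_modules/flatmap-stream` copy including nested ones, and reports each copy's version and the extension folder that bundles it. The function names and the default root are assumptions made for this example.

```javascript
// Added example: list every installed copy of an npm package under a root
// directory, with its version and the top-level folder that bundles it.
const fs = require('fs');
const path = require('path');

// Version from the copy's own package.json, or null if missing or unparseable.
function readVersion(pkgDir) {
  try {
    const manifest = JSON.parse(fs.readFileSync(path.join(pkgDir, 'package.json'), 'utf8'));
    return typeof manifest.version === 'string' ? manifest.version : null;
  } catch (err) {
    return null;
  }
}

// Returns [{ dir, version, owner }] for each node_modules/<pkgName> below root.
function findInstalledCopies(root, pkgName) {
  const hits = [];
  const stack = [root];
  while (stack.length > 0) {
    const dir = stack.pop();
    let entries;
    try {
      entries = fs.readdirSync(dir, { withFileTypes: true });
    } catch (err) {
      continue; // unreadable or missing directory: skip it, keep scanning
    }
    for (const entry of entries) {
      // isDirectory() is false for symlinks, so link loops are never followed.
      if (!entry.isDirectory()) continue;
      const full = path.join(dir, entry.name);
      if (entry.name === pkgName && path.basename(dir) === 'node_modules') {
        // owner = first path component below root (the extension folder)
        const owner = path.relative(root, full).split(path.sep)[0];
        hits.push({ dir: full, version: readVersion(full), owner });
      }
      stack.push(full); // keep descending: copies can be nested in dependencies
    }
  }
  return hits.sort((a, b) => a.dir.localeCompare(b.dir));
}

// Assumed default root: the per-user VS Code extensions folder seen in the report.
if (typeof module !== 'undefined' && require.main === module) {
  const root = process.argv[2] || path.join(require('os').homedir(), '.vscode', 'extensions');
  for (const hit of findInstalledCopies(root, process.argv[3] || 'flatmap-stream')) {
    console.log(`${hit.owner}\t${hit.version}\t${hit.dir}`);
  }
}
```

Compare each reported version with the versions named in the advisory you are working from; a `null` version means the copy has no readable `package.json` and needs a manual look.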
Top GitHub Comments
This has been fixed! Let me know if I missed something!
Hi @Regaddi, No… we maintain a different copy of live-server from last few months.