flatmap-stream@0.0.1-security vulnerabilities

security holding package

latest version

0.0.1-security

first published

6 years ago

latest version published

6 years ago

View flatmap-stream package health on Snyk Advisor (opens in a new tab)

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the flatmap-stream package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
C Malicious Package `flatmap-stream` is a malicious package which was used in order to steal bitcoins from wallets. The malicious code was able to check if the `copay-dash` package was installed, and then attempt to steal the bitcoins stored in it. It was distributed by hijacking the popular `event-stream` package and adding `flatmap-stream` as a dependency. You can read more about the malicious code on our blog. How to fix Malicious Package? Avoid using any version of `flatmap-stream` and version `3.3.6` of `event-stream`.	*

Malicious Package

flatmap-stream is a malicious package which was used in order to steal bitcoins from wallets. The malicious code was able to check if the copay-dash package was installed, and then attempt to steal the bitcoins stored in it. It was distributed by hijacking the popular event-stream package and adding flatmap-stream as a dependency.

You can read more about the malicious code on our blog.

How to fix Malicious Package?

Avoid using any version of flatmap-stream and version 3.3.6 of event-stream.

Go back to all versions of this package