react-image-cropper icon indicating copy to clipboard operation
react-image-cropper copied to clipboard
verified publisher icon flyfloor

Remove flatmap-stream vulnerability

Open t4t5 opened this issue 7 years ago • 1 comments

An older version of npm-run-all is dependant on flatmap-stream which was hijacked by a malicious maintainer (see: https://github.com/mysticatea/npm-run-all/commit/57d72eb98c2ce108f07d2a2cf1b44d57f08ec3ca#commitcomment-31468478).

Right now, this package won't even install since NPM has removed the infected dependency: https://www.npmjs.com/package/flatmap-stream (leads to 404)

I've bumped the version of npm-run-all to 4.1.5 which removes the dependency on flatmap-stream.

Signed-off-by: Tristan Edwards [email protected]

t4t5 avatar Nov 27 '18 18:11 t4t5

Same as #41

danieloprado avatar Dec 10 '18 11:12 danieloprado