Skip to content
This repository has been archived by the owner on Nov 28, 2018. It is now read-only.

Please update to latest gulp-tap to avoid a security concern #16

Closed
dkemper01 opened this issue Nov 27, 2018 · 1 comment
Closed

Please update to latest gulp-tap to avoid a security concern #16

dkemper01 opened this issue Nov 27, 2018 · 1 comment

Comments

@dkemper01
Copy link

dkemper01 commented Nov 27, 2018
edited
Loading

Notice gulp-jscs-stylish has a dep on gulp-tap version which in turn has a dep on a version of event-stream to which a known malicious actor has publishing rights.

dominictarr/event-stream#116 (comment)

prompt> npm ls event-stream flatmap-stream
***@***
+-- gulp-angular-templatecache@2.2.1
| +-- event-stream@3.3.4
| `-- gulp-footer@2.0.1
|   `-- event-stream@3.3.4  deduped
+-- gulp-inject@3.0.0
| `-- event-stream@3.3.4  deduped
`-- gulp-jscs-stylish@1.4.0
  `-- gulp-tap@0.1.3
    `-- event-stream@3.1.7

Please note event-stream is now being maintained by the npm team.
microsoft/monaco-editor#1211 (comment)
@codepunkt
Copy link
Owner

Thanks for the information - i didn't think this old thing would've been affected. As i haven't been using this for ages and don't plan on maintaining this anymore, please create and use a fork!

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@codepunkt @dkemper01