DEV Community

loading...

Discussion on: npm package discovered to have bitcoin-stealing backdoor

Collapse
aturingmachine profile image
Vince

The idea was to hit a certain crypto package that used event-stream as a dependency. The code would only execute when run by that package.