Very interesting and unfortunate about event-stream (I hadn't known). I'm excited to try you're updated app :)
Changing the topic a bit, do you know of a site for checking whether an npm package is compromised.. something like Have I Been Pwnd? I couldn't find one in 30 seconds of googling...
Very interesting and unfortunate about event-stream (I hadn't known). I'm excited to try you're updated app :)
Changing the topic a bit, do you know of a site for checking whether an npm package is compromised.. something like Have I Been Pwnd? I couldn't find one in 30 seconds of googling...
Compromised packages tend to be removed as soon as npm finds out about it, so there's not much need for a service like that.
There are services for checking whether a package has a vulnerability in. You can run
npm audit
or use something like Snyk to achieve this.