Skip to content
This repository was archived by the owner on Feb 20, 2020. It is now read-only.

Dependency attack (flatmap-stream) #1

Closed
ajfarkas opened this issue Nov 26, 2018 · 2 comments
Closed

Dependency attack (flatmap-stream) #1

ajfarkas opened this issue Nov 26, 2018 · 2 comments

Comments

@ajfarkas
Copy link

It looks like there's an injection attack in a dependency of the version of ps-tree that you depend on.

NPM has pulled the offending package, but it breaks your package now because we can't load all dependencies.

The two obvious solutions are:

  1. Wait for an update to ps-tree and update spawn-command-with-kill accordingly.
  2. Find an alternative to ps-tree.

Thanks!
@kentcdodds
Copy link
Owner

Thanks for letting me know! I'm not really using this package or maintaining it. If you or anyone else would like to work on a pull request, I would gladly merge 👍

@ajfarkas
Copy link
Author

looks like ps-tree just updated, so we're all good!

@german-bortoli german-bortoli mentioned this issue Nov 27, 2018
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kentcdodds @ajfarkas