Skip to content

fatal error: remove "event-stream@3.3.6"#16

Open
evanbiederstedt wants to merge 1 commit intoNX4:masterfrom
evanbiederstedt:feature/remove_event_stream3.3.6
Open

fatal error: remove "event-stream@3.3.6"#16
evanbiederstedt wants to merge 1 commit intoNX4:masterfrom
evanbiederstedt:feature/remove_event_stream3.3.6

Conversation

@evanbiederstedt
Copy link

@evanbiederstedt evanbiederstedt commented Mar 4, 2020

This removes event-stream@3.3.6, as there was a massive security flaw uncovered in November 2018.

https://blog.npmjs.org/post/180565383195/details-about-the-event-stream-incident
https://stackoverflow.com/questions/53578201/npm-err-404-not-found-event-stream3-3-6

I did the following, which updated packages for March 2020:

  1. Delete package_lock.json files
  2. npm list event-stream
  3. npm audit
  4. npm cache verify
  5. npm install --package-lock

and then committed the changes.

Currently, installing via the master branch gives a fatal error:

npm ERR! 404 Not Found - GET https://registry.npmjs.org/event-stream/-/event-stream-3.3.6.tgz
npm ERR! 404 
npm ERR! 404  'event-stream@3.3.6' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
npm ERR! 404 It was specified as a dependency of 'nx4'
npm ERR! 404 
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@evanbiederstedt