ms-vscode.powershell-2.0.0-insiders-834 flagged by Symantec Endpoint Protection with trojan

[gwojan]

I installed the ms-vscode.powershell-2.0.0-insiders-834 extension this morning and was promptly notified by my security team the Symantec Endpoint Protection identified the file C:\Users\bubba\.vscode-insiders\extensions\ms-vscode.powershell-2.0.0-insiders-834\node_modules\flatmap-stream\index.min.js as containing trojan software.

Node Module Trojan

I've checked the node_modules directory of the v1.9 branch and don't see this package installed...

[ExE-Boss]

That’s because the event‑stream package got hijacked and had the malicious payload flatmap‑stream added as a dependency.

See dominictarr/event-stream#116 for details.

[rjmholt]

Please see here

[gwojan]

Please see here

Thanks.

[ExE-Boss]

Well, npm has removed flatmap‑stream and seized control over event‑stream and removed the offending versions depending on it, so this has been effectively neutralised for new installations (only those who installed it during the period before flatmap‑stream was removed from npm are potentially affected).