Malicious code used in dependency #3014
Node and OS info
Node 10.13.0 / npm 6.4.1 / macOS 10.14.1
Steps to reproduce
npm i -g @email@example.com
What is expected?
A version of event-stream that is not 3.3.6, as this is a malicious version.
What is actually happening?
vue-cli depends on @firstname.lastname@example.org, which depends on email@example.com, which depends on firstname.lastname@example.org, which depends on email@example.com.
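A transitive chain like the one reported above can be traced from a lockfile. The following is an added example, not part of the original issue or of vue-cli's code: it walks the nested `dependencies`/`requires` layout that npm 6 writes to package-lock.json and returns every chain ending at a given name and version. The lockfile is constructed, and every package name in it except event-stream is hypothetical.

```javascript
// Constructed npm 6 style lockfile; every name except event-stream is hypothetical.
const sampleLock = {
  dependencies: {
    'cli-ui': { version: '1.0.0', requires: { 'plugin-x': '^2.0.0' } },
    'plugin-x': { version: '2.1.0', requires: { 'proc-watch': '^1.0.0' } },
    'proc-watch': {
      version: '1.4.0',
      requires: { 'event-stream': '~3.3.0' },
      dependencies: { 'event-stream': { version: '3.3.6' } }, // nested copy
    },
    'event-stream': { version: '3.3.4' }, // hoisted copy, different version
    'other-tool': { version: '0.9.0', requires: { 'event-stream': '3.3.4' } },
  },
};

// Flatten the tree into nodes that remember their enclosing scopes.
function collect(scope, parents, out) {
  for (const [name, meta] of Object.entries(scope.dependencies || {})) {
    out.push({ name, meta, parents });
    collect(meta, [meta, ...parents], out);
  }
  return out;
}

// A required name resolves in the package's own nested dependencies, then outward.
function resolve(node, name, root) {
  for (const scope of [node.meta, ...node.parents, root]) {
    if (scope.dependencies && scope.dependencies[name]) return scope.dependencies[name];
  }
  return null;
}

// Return every chain "a@v > b@v > ... > name@version" found in the lockfile.
function findChains(lock, name, version) {
  const nodes = collect(lock, [], []);
  const label = (n) => `${n.name}@${n.meta.version}`;
  const walk = (target, seen) => {
    const users = nodes.filter((n) => !seen.has(n.meta) &&
      Object.keys(n.meta.requires || {}).some((r) => resolve(n, r, lock) === target.meta));
    if (users.length === 0) return [[label(target)]];
    return users.flatMap((u) =>
      walk(u, new Set([...seen, u.meta])).map((c) => [...c, label(target)]));
  };
  return nodes
    .filter((n) => n.name === name && n.meta.version === version)
    .flatMap((t) => walk(t, new Set([t.meta])).map((c) => c.join(' > ')));
}

console.log(findChains(sampleLock, 'event-stream', '3.3.6'));
```

To check a real project, pass the parsed contents of its package-lock.json in place of `sampleLock`; a hoisted copy at another version, as in the sample, does not hide a nested 3.3.6.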