Better method of locking down dependencies and reviewing diffs between versions #19
Comments
Thanks for opening an issue! I can confirm that the malicious code doesn't affect this project. (Coincidentally, I am a contributor to Copay.) I'll bump the dependencies anyways though, just to avoid scaring users. Because this project doesn't have any dependencies for downstream consumers, vulnerabilities like this in dependencies are a bit less likely to be a problem (unless they specifically target
Closing in favor of: #22
I'm submitting a ...
[x] bug report
[ ] feature request
[ ] question about the decisions made in the repository
[ ] question about how to use this project
Summary
It's possible this project is impacted by this malicious code: I don't know what to say. dominictarr/event-stream#116
Dependency listed on this page: https://libraries.io/npm/flatmap-stream/usage?page=3&requirements=0.1.1
Although the exploit targets Bitcoin wallets derived from Copay, so it may not be relevant here. Regardless, dependencies on packages controlled by malicious sources should be removed.
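As an added example (not part of the issue thread or the project's code), the check this report asks for can be run against a lockfile: the function below lists every copy of a package in a parsed `package-lock.json`, which packages pull it in, and whether every copy is dev-only. `auditLock` and `SAMPLE_LOCK` are hypothetical names, and the sample lockfile is constructed.

```javascript
// Added example: audit a parsed package-lock.json for one package name.
// Supports lockfileVersion 1 (nested "dependencies") and 2/3 (flat "packages").
function auditLock(lock, name) {
  const PREFIX = "node_modules/";
  const copies = [];      // every installed copy of `name`
  const requiredBy = [];  // packages that declare `name` as a dependency
  const visit = (label, pkgName, meta) => {
    if (pkgName === name) {
      copies.push({ path: label, version: meta.version, dev: meta.dev === true });
    }
    // v1 records direct requirements under "requires", v2/3 under "dependencies"
    const declared = lock.packages ? meta.dependencies : meta.requires;
    if (declared && Object.prototype.hasOwnProperty.call(declared, name)) {
      requiredBy.push(pkgName);
    }
  };
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      const i = path.lastIndexOf(PREFIX);
      // the root project (key "") and workspace folders have no node_modules/ prefix
      const pkgName = i < 0 ? (meta.name || path || "(root)") : path.slice(i + PREFIX.length);
      visit(path, pkgName, meta);
    }
  } else {
    const walk = (deps, trail) => {
      for (const [dep, meta] of Object.entries(deps || {})) {
        visit(trail.concat(dep).join(" > "), dep, meta);
        walk(meta.dependencies, trail.concat(dep));
      }
    };
    walk(lock.dependencies, []);
  }
  // devOnly: every copy is flagged dev, so none is installed for downstream consumers
  const devOnly = copies.length > 0 && copies.every((c) => c.dev);
  return { present: copies.length > 0, devOnly, copies, requiredBy };
}

// Constructed sample (lockfileVersion 1); the event-stream version is a placeholder.
const SAMPLE_LOCK = {
  lockfileVersion: 1,
  dependencies: {
    "event-stream": {
      version: "0.0.0-placeholder",
      dev: true,
      requires: { "flatmap-stream": "0.1.1" },
    },
    "flatmap-stream": { version: "0.1.1", dev: true },
  },
};
```

To check a real project, pass the result of `JSON.parse` on its `package-lock.json` as `lock`.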