Tired of maintaining code that was written to be freely distributed, an “unrepentant module giver awayer” (aka developer) handed it over after GitHub dev “right9control” volunteered to take over the popular JavaScript library. The library Event-Stream, written in Node.js, has over 2 million downloads per week. The library, which was listed in NPM’s repository, was then updated with malicious code that contains cryptocurrency-stealing malware.
Put another way, Event-Stream was updated to include Flatmap-Stream as a dependency.
