Name of the Vulnerable Software and Affected Versions event-stream versions 3.3.6 flatmap-stream (affected versions not specified)

Description A malicious package flatmap-stream was added as a dependency to the NPM event-stream package. This issue affects users of event-stream who have version 3.3.6. Users are advised to take action to mitigate the risk.

Recommendations For event-stream version 3.3.6, downgrade to version 3.3.4 or upgrade to the latest 4.x version. For flatmap-stream, remove the dependency entirely.