GMS-2020-528: Malicious Package

September 2, 2020

of stream-combine has malicious code design to steal credentials and credit card information.This package is not available on the npm Registry anymore. If you used this module and your application processed credentials or credit card information, it is possible that information was stolen.

References

github.com/advisories/GHSA-w6xj-45gv-fw35
www.npmjs.com/advisories/774

Detect and mitigate GMS-2020-528 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →