Threat detected: Coinminer.JS.MALb (flatmap-stream) #2861
Comments
|
There also seems to be an issue in the dev dependencies for cypress:
It's less of a concern due to it being a dev dep, but still alarming. I tried looking into npm-run-all but the cypress fork has not been updated in a while. The original package no longer depends on ps-tree. |
|
Interesting, Why would the production package on the CDN contain the development dependencies? |
|
Still no word official word about this? (cc @chrisbreiding) |
|
Thanks for opening this issue. I do indeed see that |
jennifer-shehane
added
pkg/server
|
We've updgraded the necessary dependencies to either remove |
|
@chrisbreiding Do you have a release date? |
|
Can't promise a date, but if not today, then certainly sometime this week. We're still looking into why a dev dependency made it into the production binary, as that should not happen. Seems that it only happens with the windows binary |
|
Let me open a new issue about |
jennifer-shehane
added
stage: pending release
and removed
stage: ready for work
|
Released in |
Current behavior:
Unable to extract cypress because a dependency (
flatmap-stream) is compromised.Desired behavior:
To be able to extract cypress without errors from an AV software.
Steps to reproduce:
Pre-requisites: have an anti-virus software (TrendMicro in my case)
Problematic file:
.\Cypress\resources\app\packages\server\node_modules\flatmap-stream\test\data.jsflatmap-stream has been removed from npm
Versions
Latest version, downloaded from https://cdn.cypress.io/desktop/3.1.2/win64/cypress.zip
Further information
Looking at the
package-lock.jsonin.\Cypress\resources\app\packages\server\, it seems likeflatmap-streamis being pulled, indirectly, bynodemonThe text was updated successfully, but these errors were encountered: