@cyberhub/trust-event-stream 1.0.0
- package/README.md +35 -0
- package/package.json +21 -0
package/README.md
ADDED
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
# Security Trust Report: event-stream
|
|
2
|
+
|
|
3
|
+
**Score: 62/100 | Grade: C+ | Tier: STANDARD**
|
|
4
|
+
|
|
5
|
+
> This package was COMPROMISED in 2018. A malicious maintainer injected cryptocurrency-stealing code via the flatmap-stream dependency.
|
|
6
|
+
|
|
7
|
+
## Score Breakdown
|
|
8
|
+
|
|
9
|
+
| Category | Score |
|
|
10
|
+
|----------|-------|
|
|
11
|
+
| Maintainer Trust | 44/100 |
|
|
12
|
+
| Package Health | 94/100 |
|
|
13
|
+
| Supply Chain | 64/100 |
|
|
14
|
+
| Community | 46/100 |
|
|
15
|
+
|
|
16
|
+
## Flags
|
|
17
|
+
|
|
18
|
+
- **CRITICAL**: HISTORICAL BREACH: Malicious code injected via flatmap-stream (2018)
|
|
19
|
+
- **HIGH**: Primary maintainer account is less than 6 months old (0 days)
|
|
20
|
+
- **HIGH**: Maintainer(s) removed in v4.0.0: dominictarr
|
|
21
|
+
- **HIGH**: Burst publishing detected — 5+ versions in a single day
|
|
22
|
+
- **MEDIUM**: Maintainer has only published 0 version(s)
|
|
23
|
+
- **MEDIUM**: New maintainer(s) added in v3.3.5: right9ctrl
|
|
24
|
+
- **MEDIUM**: Single maintainer — bus factor risk
|
|
25
|
+
- **MEDIUM**: Package dormant — last published 2742 days ago
|
|
26
|
+
- **MEDIUM**: No GitHub repo found — community signals unavailable
|
|
27
|
+
- **LOW**: Erratic publish cadence — highly irregular release intervals
|
|
28
|
+
|
|
29
|
+
## Recommendation
|
|
30
|
+
|
|
31
|
+
Do NOT use event-stream. Use Node.js built-in streams or highland instead.
|
|
32
|
+
|
|
33
|
+
---
|
|
34
|
+
*Report by [pkgtrust](https://nrupak.com/trust/event-stream) — Updated 2026-04-02*
|
|
35
|
+
*[Dashboard](https://nrupak.com/trust) | [Compare](https://nrupak.com/trust/compare) | [CLI](https://npmjs.com/package/@cyberhub/pkgtrust)*
|
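Review bot: The headline on line 3, `**Score: 62/100 | Grade: C+ | Tier: STANDARD**`, contradicts the CRITICAL flag on line 18 and the "Do NOT use event-stream" recommendation on line 31. A reader or tool that consumes only the score sees a mid-range, standard-tier package. Suggest capping the score or tier whenever a CRITICAL flag is present, or moving the recommendation above the score. Separately, the flags on lines 19 and 22 ("less than 6 months old (0 days)" and "only published 0 version(s)") read like missing-data defaults reported as findings, given that line 25 says the package was last published 2742 days ago; report such values as unavailable rather than as HIGH or MEDIUM signals. The breach notice on line 5 also names no affected versions, so it does not tell a reader which installs to check.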
package/package.json
ADDED
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "@cyberhub/trust-event-stream",
|
|
3
|
+
"version": "1.0.0",
|
|
4
|
+
"description": "Security Trust Report for event-stream — 62/100 (C+, standard). COMPROMISED PACKAGE. Maintainer risk and supply chain analysis from 8 security databases.",
|
|
5
|
+
"keywords": [
|
|
6
|
+
"event-stream",
|
|
7
|
+
"security",
|
|
8
|
+
"trust-score",
|
|
9
|
+
"vulnerability",
|
|
10
|
+
"pkgtrust",
|
|
11
|
+
"compromised",
|
|
12
|
+
"supply-chain-attack"
|
|
13
|
+
],
|
|
14
|
+
"license": "MIT",
|
|
15
|
+
"author": "Nrupak Shah",
|
|
16
|
+
"repository": {
|
|
17
|
+
"type": "git",
|
|
18
|
+
"url": "https://github.com/nrupaks/pkgtrust"
|
|
19
|
+
},
|
|
20
|
+
"homepage": "https://nrupak.com/trust/event-stream"
|
|
21
|
+
}
|
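Review bot: The `description` on line 4 hard-codes a point-in-time result ("62/100 (C+, standard)") into the manifest of a published version, while the README carries its own "Updated 2026-04-02" stamp, so the two drift apart as soon as the report is regenerated without a version bump. Suggest keeping the score out of `description`, or bumping `version` on every rescoring. The same line claims "8 security databases", which the README never lists; name the sources in the README or drop the count. The manifest also sets no `files` or `main`, and `repository.url` on line 18 points at the pkgtrust tool rather than at the source of this report, so it is worth stating where the report data is generated.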