@cyberhub/trust-event-stream 1.0.61 → 1.0.62

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/README.md +8 -12
  2. package/package.json +2 -3
package/README.md CHANGED
@@ -1,12 +1,12 @@
1
1
  # Security Trust Report: event-stream
2
2
 
3
- **event-stream@4.0.1: 53/100 | Grade: C | Tier: STANDARD** (confidence: ±3)
3
+ **event-stream@4.0.1: 54/100 | Grade: C | Tier: STANDARD** (confidence: ±3)
4
4
 
5
5
  > Data verified on 2026-04-02 from 8 security databases.
6
6
 
7
7
  ## TL;DR
8
8
 
9
- - **1 vulnerability found** (1 critical, 0 high)
9
+ - **Security incident detected** compromised via account takeover/sabotage
10
10
  - Consider switching to **highland** (High-level streams library)
11
11
  - Pin your version and monitor for changes
12
12
 
@@ -20,27 +20,23 @@ In November 2018, a malicious contributor (@right9ctrl) gained maintainer access
20
20
  Maintainer Trust: █████████░░░░░░░░░░░ 44/100
21
21
  Package Health: █████████████████░░░ 86/100
22
22
  Supply Chain: ████████░░░░░░░░░░░░ 39/100
23
- Community: ████████░░░░░░░░░░░░ 41/100
23
+ Community: █████████░░░░░░░░░░░ 46/100
24
24
  ```
25
25
 
26
26
  ### Why this score?
27
27
 
28
28
  - Maintainer Trust is 44 because: single maintainer (bus factor risk), maintainer changes detected
29
- - Supply Chain is 39 because: 1 known CVEs, in breach database
30
- - Community is 41 because: GitHub repo inactive
29
+ - Supply Chain is 39 because: 1 security incident(s) in breach database, in breach database
30
+ - Community is 46 because: no public GitHub repo linked (may be private or on another platform)
31
31
 
32
- ## Vulnerabilities (1 vulnerability)
32
+ ## ⚠️ Security Incident
33
33
 
34
- | Severity | Count |
35
- |----------|-------|
36
- | 🔴 Critical | 1 |
37
-
38
- - [GHSA-mh6f-8j2x-4483](https://github.com/advisories/GHSA-mh6f-8j2x-4483)
34
+ This package was compromised via account takeover/sabotage (no CVE assigned). See Security Incident Background above for details.
39
35
 
40
36
  ## Key Risk Flags
41
37
 
42
38
  - 🔴 **CRITICAL**: HISTORICAL BREACH: Malicious code injected via flatmap-stream (2018)
43
- - 🔴 **CRITICAL**: 1 CRITICAL vulnerability from live CVE databases
39
+ - 🔴 **CRITICAL**: 1 CRITICAL security incident from breach database (no CVE assigned)
44
40
  - 🟠 **HIGH**: Primary maintainer account is less than 6 months old (0 days)
45
41
  - 🟠 **HIGH**: Maintainer(s) removed in v4.0.0: dominictarr
46
42
  - 🟠 **HIGH**: Burst publishing detected — 5+ versions in a single day
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@cyberhub/trust-event-stream",
3
- "version": "1.0.61",
4
- "description": "Security Trust Report: event-stream@4.0.1 — 53/100 (C, standard). 1 vulnerability found. Maintainer risk, supply chain analysis from 8 security databases.",
3
+ "version": "1.0.62",
4
+ "description": "Security Trust Report: event-stream@4.0.1 — 54/100 (C, standard). Security incident detected. Maintainer risk, supply chain analysis from 8 security databases.",
5
5
  "keywords": [
6
6
  "event-stream",
7
7
  "event-stream",
@@ -17,7 +17,6 @@
17
17
  "scan",
18
18
  "risk",
19
19
  "risk-assessment",
20
- "GHSA-mh6f-8j2x-4483",
21
20
  "highland",
22
21
  "Node.js streams",
23
22
  "through2",