event-stream: Analysis of a Compromised npm Package

Once again, the pattern of taking over a known package and modifying it with malicious intent has happened. In this case, it's with the event-stream module in the npm repository. In this broadcast I speaker with Thomas Hunter, Software Developer at Intrinsic and author of "Compromised npm Package: event-stream", and Brian Fox, CTO of Sonatype, author of the Forbes "Open Source Developers And Infrastructure Are The New Front Line Of Security?" article. Compromised npm Package: event-stream https://medium.com/intrinsic/compromi... Open Source Developers And Infrastructure Are The New Front Line Of Security https://www.forbes.com/sites/forbestechcouncil/2018/05/11/open-source-developers-and-infrastructure-are-the-new-front-line-of-security/#2ad9e84457c2 Open Source Software Is Under Attack; New Event-Stream Hack Is Latest Proof https://blog.sonatype.com/open-source-software-is-under-attack-new-event-stream-hack-is-latest-proof