SUPPLY-CHAIN REPORT

dominictarr/event-stream

EventStream is like functional programming meets IO

VERDICTCOMPROMISED·50/100

View on GitHub →

STARS

2,179

FORKS

146

OPEN ISSUES

LANGUAGE

JavaScript

LICENSE

MIT

LAST PUSH

2018-11-27

SIGNALS

BAD

Historical supply-chain incidents

1 known incident on record. Worst: event-stream / flatmap-stream cryptocurrency wallet stealer.

Historical security advisories

No published security advisories on this repo.

WARN

Repository status

Repository archived — no longer receiving security fixes.

Ecosystem trust

2,179 stars.

License

MIT

HISTORICAL INCIDENTS (1)

CRITICAL2018-11-26

event-stream / flatmap-stream cryptocurrency wallet stealer

Ownership of popular npm package event-stream transferred to an unknown contributor who added malicious dependency flatmap-stream targeting the Copay Bitcoin wallet.

Source →

METHODOLOGY

This report is generated on demand by querying the GitHub API for repository metadata and published security advisories, then cross-referencing our curated database of known supply-chain incidents (xz-utils, event-stream, ua-parser-js, colors.js, tj-actions, Codecov, and more). Results are cached for 24 hours. We do not scan repository code or dependencies — for that, see Snyk or Socket. Verdict: CLEAN ≥80, CAUTION 50–79, COMPROMISED<50.

SCAN A DEPLOYED SITE

Repo looks clean but the live deployment might still be exposing headers, CORS, or SSL misconfigurations.

SCAN A URL →

SCANNING dominictarr/event-stream...