Details
Description
copy-pasting derektapley's report in ZEPPELIN-3881
I see that the error is do to flatmap-stream 0.1.1 not being found, which is a dependency of the event-stream library. It turns out this might actually be due to being a "poisoned' library, as some news articles recently indicate that event-stream was [backdoored to exploit a popular cryptocurrency wallet|https://www.zdnet.com/article/hacker-backdoors-popular-javascript-library-to-steal-bitcoin-funds/.] As such, npmjs.com has removed the dependency and the event-stream version needs to be updated to the latest, 4.0.1.
It seems that zeppelin master build is broken due to this.
Would it be possible to remove dependency of either `flatmap-stream` or `event-stream` or find a secure equivalent ?
Attachments
Issue Links
- links to