// year
2018 incidents
Every incident with a disclosure date in 2018, sorted by date.
2 incidents indexed
- ·HIGH7.4·confirmed
event-stream / flatmap-stream Backdoor (2018)
A new maintainer of the popular event-stream npm package added a malicious sub-dependency, flatmap-stream, that exfiltrated cryptocurrency wallet seeds from Copay-derived applications.
vector / npm supply chainplatforms / npmread / 4 min - ·HIGH7.6·confirmed
eslint-scope npm Publish Token Theft (2018)
An attacker stole an ESLint maintainer's npm credentials and published a malicious eslint-scope version that exfiltrated developer .npmrc tokens to a remote server.
vector / npm supply chainplatforms / npmread / 4 min