科技回声 (Tech Echo)
A tech news platform built on Next.js, offering global tech news and discussion.

© 2025 科技回声. All rights reserved.

Warn HN: Malicious Package on NPM - check if you're affected

2 points, by neya, over 6 years ago
Hi HN, As a user of OnsenUI, I came across something bizarre today. Running `npm install` led to a warning and, on further investigating, revealed there was a malicious package stuck inside my installation.

Running `npm audit` showed the following info:

Critical: Malicious Package
Package: flatmap-stream
Patched in: No patch available
Dependency of: onsenui
Path: onsenui > gulp-protractor > event-stream > flatmap-stream
More info: https://nodesecurity.io/advisories/737

What exactly happened? Apparently the maintainer of `flatmap-stream` gave write access to his repo to a random guy claiming to want to maintain the package. Both of them have been rid of write access as of now.

I have since reported this issue to the OnsenUI community: https://github.com/OnsenUI/OnsenUI/issues/2592

If you're using this in production, please watch out.

More details here: https://github.com/dominictarr/event-stream/issues/116

P.S. - This applies to anyone who uses packages that use `flatmap-stream`, not just OnsenUI.

To find out if you're affected, run `npm audit`.
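The post's advice is to run `npm audit`, which reports one dependency path per advisory. The following is an added example, not code from the post, from npm or from OnsenUI: a small Node script that walks a `package-lock.json` (lockfileVersion 1 layout) starting from the project's declared dependencies and lists every chain that reaches a flagged package, so a defender can see each route by which `flatmap-stream` entered the tree and which top-level packages need replacing. Both input objects are constructed for this example; the chain `onsenui > gulp-protractor > event-stream > flatmap-stream` comes from the audit output in the post, `demo-task-runner` is a hypothetical package, and every version string is a placeholder.

```javascript
// Added example (not from the HN post, npm or OnsenUI): find every dependency
// chain in a lockfileVersion 1 package-lock.json that ends at a flagged package.
// Inputs below are constructed; "demo-task-runner" is hypothetical and all
// version strings are placeholders.

const FLAGGED_PACKAGE = 'flatmap-stream';

// Constructed stand-in for package.json: only the dependency maps matter here.
const samplePackageJson = {
  name: 'example-app',
  dependencies: { onsenui: '0.0.0-placeholder', lodash: '0.0.0-placeholder' },
  devDependencies: { 'demo-task-runner': '0.0.0-placeholder' },
};

// Constructed stand-in for package-lock.json. In lockfileVersion 1 every
// installed package sits under "dependencies" (hoisted to the top level when
// possible) and each entry's "requires" lists its own direct dependencies.
// A nested "dependencies" object appears only when a parent needed a
// different version; "demo-task-runner" below carries a nested event-stream
// that does NOT require flatmap-stream, so a naive name lookup would
// wrongly blame it.
const sampleLock = {
  name: 'example-app',
  lockfileVersion: 1,
  dependencies: {
    onsenui: { version: '0.0.0-placeholder', requires: { 'gulp-protractor': '*' } },
    'gulp-protractor': { version: '0.0.0-placeholder', requires: { 'event-stream': '*' } },
    'event-stream': { version: '0.0.0-placeholder', requires: { 'flatmap-stream': '*' } },
    'flatmap-stream': { version: '0.0.0-placeholder' },
    lodash: { version: '0.0.0-placeholder' },
    'demo-task-runner': {
      version: '0.0.0-placeholder',
      dev: true,
      requires: { 'event-stream': '*' },
      dependencies: {
        'event-stream': { version: '0.0.0-placeholder', requires: {} },
      },
    },
  },
};

// Mirror npm's lookup order: the nearest enclosing "dependencies" object wins,
// falling back outward until the lockfile root is reached.
function resolveEntry(name, scopes) {
  for (let i = scopes.length - 1; i >= 0; i -= 1) {
    const deps = scopes[i].dependencies || {};
    if (Object.prototype.hasOwnProperty.call(deps, name)) return deps[name];
  }
  return null;
}

// Depth-first walk from the declared dependencies. Returns every chain (an
// array of package names) that ends at `target`. A chain stops when a name
// repeats, which keeps cyclic "requires" from looping forever.
function findDependencyPaths(lock, pkgJson, target) {
  const hits = [];
  const visit = (name, entry, scopes, chain) => {
    if (chain.includes(name)) return;
    const path = chain.concat(name);
    if (name === target) hits.push(path);
    const nextScopes = scopes.concat(entry);
    for (const dep of Object.keys(entry.requires || {})) {
      const child = resolveEntry(dep, nextScopes);
      if (child) visit(dep, child, nextScopes, path);
    }
  };
  const roots = Object.assign({}, pkgJson.dependencies, pkgJson.devDependencies);
  for (const name of Object.keys(roots)) {
    const entry = resolveEntry(name, [lock]);
    if (entry) visit(name, entry, [lock], []);
  }
  return hits;
}

// Summary in the same "a > b > c" form npm audit prints.
function report(lock, pkgJson, target) {
  const paths = findDependencyPaths(lock, pkgJson, target).map((p) => p.join(' > '));
  return { package: target, affected: paths.length > 0, paths };
}

console.log(JSON.stringify(report(sampleLock, samplePackageJson, FLAGGED_PACKAGE), null, 2));
```

To run it against a real project, replace the two sample objects with `JSON.parse(fs.readFileSync('package.json'))` and `JSON.parse(fs.readFileSync('package-lock.json'))`; newer lockfiles (lockfileVersion 2 and 3) keep a flat `packages` map keyed by `node_modules/...` paths instead, which this walker does not parse.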

No comments yet