Hello,
The package flatmap-stream has been unpublished by npm because of potential malicious code. See https://github.com/dominictarr/event-stream/issues/116
Thus, npm install -g appcenter-cli fails right now...
Hi @Minishlink - thanks for reporting this. We're looking in to a solution for this.
Should be able to just lock to [email protected] instead of ^3.3.4?
I am having the same issue I believe trying to install appcenter-cli
386 verbose stack flatmap-stream: No valid versions available for flatmap-stream
386 verbose stack at pickManifest (C:\Program Files\nodejs\node_modules\npm\node_modules\npm-pick-manifest\index.js:20:11)
386 verbose stack at fetchPackument.then.packument (C:\Program Files\nodejs\node_modules\npm\node_modules\pacote\lib\fetchers\registry\manifest.js:39:14)
386 verbose stack at tryCatcher (C:\Program Files\nodejs\node_modules\npm\node_modules\bluebird\js\release\util.js:16:23)
386 verbose stack at Promise._settlePromiseFromHandler (C:\Program Files\nodejs\node_modules\npm\node_modules\bluebird\js\release\promise.js:512:31)
386 verbose stack at Promise._settlePromise (C:\Program Files\nodejs\node_modules\npm\node_modules\bluebird\js\release\promise.js:569:18)
386 verbose stack at Promise._settlePromise0 (C:\Program Files\nodejs\node_modules\npm\node_modules\bluebird\js\release\promise.js:614:10)
386 verbose stack at Promise._settlePromises (C:\Program Files\nodejs\node_modules\npm\node_modules\bluebird\js\release\promise.js:693:18)
386 verbose stack at Async._drainQueue (C:\Program Files\nodejs\node_modules\npm\node_modules\bluebird\js\release\async.js:133:16)
386 verbose stack at Async._drainQueues (C:\Program Files\nodejs\node_modules\npm\node_modules\bluebird\js\release\async.js:143:10)
386 verbose stack at Immediate.Async.drainQueues [as _onImmediate] (C:\Program Files\nodejs\node_modules\npm\node_modules\bluebird\js\release\async.js:17:14)
386 verbose stack at runCallback (timers.js:705:18)
386 verbose stack at tryOnImmediate (timers.js:676:5)
386 verbose stack at processImmediate (timers.js:658:5)
387 verbose cwd C:\WINDOWS\system32
388 verbose Windows_NT 10.0.17134
389 verbose argv "C:\\Program Files\\nodejs\\node.exe" "C:\\Program Files\\nodejs\\node_modules\\npm\\bin\\npm-cli.js" "install" "-g" "appcenter-cli"
390 verbose node v10.13.0
391 verbose npm v6.4.1
392 error code ENOVERSIONS
393 error No valid versions available for flatmap-stream
394 verbose exit [ 1, true ]
Hi @Minishlink, @tedrog36 and @MrTravisB, thank you for notifying us! We're investigating this issue now.
Thanks @amchew! Seems to be working now.
Thanks everyone! We've released a version fixed at 3.3.4 just in case. Release notes are here
I've also written up an internal memo about this vulnerability so we can dissect what happened and see if there is anything better we can do to identify and mitigate against things like this happening in future. Reading up about the actual injection attack - it won't have affected our users but it would be good to use this as a learning opportunity.
@amchew - closing this 馃檪
Awesome to hear @tedrog36, and thanks for the quick fix @owenniblock! FYI @Minishlink and @MrTravisB, we've just re-released v1.1.8, you should be able to install appcenter-cli now. Please test this out, and let us know if you face any issues.
Thank you!
Most helpful comment
Thanks everyone! We've released a version fixed at
3.3.4just in case. Release notes are hereI've also written up an internal memo about this vulnerability so we can dissect what happened and see if there is anything better we can do to identify and mitigate against things like this happening in future. Reading up about the actual injection attack - it won't have affected our users but it would be good to use this as a learning opportunity.
@amchew - closing this 馃檪