Unable to add @sentry/node@4.4.0 - No valid versions found for "flatmap-stream". The package may be unpublished


#1

I was trying to add the package mentioned in this post’s title, but I get the message every time I try to add it.

"No valid versions found for “flatmap-stream”. The package may be unpublished."

Recently, there was a malicious code detected within this package, which is a dependency for event-stream package used by Sentry’s node package.

What should I do? Is there any effort on resolving this?

Just for information purposes, the following link is one of the results found about the “attack”:

https://medium.com/intrinsic/compromised-npm-package-event-stream-d47d08605502

Thx in advance!


#2

Thanks for reporting this, an internal dev dependency was using this. We now published 4.4.1 the error should be gone.


#3

Hi @HazAT, thx for quickly acting on this subject!

I was able to install the package @sentry/node@4.4.1, but with some caveats.

I don’t know why, but it was complaining about not having node-gyp installed and exited installation everytime.

First, I’m using a Windows environment for development, so I had to install node-gyp package for windows, as I had Python already installed. I just followed option 1 and waited quite a long time for it to finish.

After that, just ran the command to install Sentry for node again and everything was done flawlessly.

Oh! BTW… NPM guys took flatmap-stream offline earlier today and replaced it with a dummy package later.

Thx again!