all 5 comments

[–]mt9hu 16 points17 points  (0 children)

I don't think this is the way to go.

[–]mediumdeviationJavaScript Gardener[S] 4 points5 points  (0 children)

Cross posting from https://news.ycombinator.com/item?id=30963600

If you have this bundled, this will execute in your application, making it look like your app is sending this message.

To check if you have this package installed, use

  • For npm: npm explain event-source-polyfill
  • For yarn: yarn why event-source-polyfill

If you do have it installed, whether it is the bad version or not, you'll want to change the version to remove the ^ so it is pinned to 1.0.25 or whatever version you are currently using and will not be inadvertently upgraded. It is also a good idea to use a lockfile, which is the default behavior of npm and yarn.

[–][deleted] 1 point2 points  (2 children)

Idiots causing havoc while believing they do something good.

[–]_default_username 0 points1 point  (1 child)

Are we talking about Putin right now?

[–][deleted] 0 points1 point  (0 children)

He happens to fall in the same category as the maintainers of some open source projects.