You may have already seen this, @Gargron (https://github.com/dominictarr/event-stream/issues/116) but it appears that Mastodon includes some NPM libraries discovered today to be backdoored (for some time apparently)
@jerry Mastodon includes 0.1.0 of the flatmap package. The affected version is 0.1.1 as I understand
@Gargron that looks right
Invite-only Mastodon server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!