Dependency on malicious package event-stream 3.3.6 

Are you aware of that this repo contains dependency on malicious package - event-stream 3.3.6 ?

More info for example: https://snyk.io/blog/malicious-code-found-in-npm-package-event-stream/