Check your projects for flatmap-stream dependency. It was a dependency attached to firstname.lastname@example.org which was originally maintained by the author dominictarr but unknowingly gave full access and control over to a hacker name right9ctrl. The goal of the latter was to harvest crypto wallet credentials.
Get rid of this dependency and update event-stream past 3.3.6 to later (After 4.0.1 would be good or just not using it at all would be best). event-stream is no longer being maintained by right9ctrl (he was banned) so just skipping that specific malicious version will do.
I don’t think you have to worry to much about any current projects you may have started but look into any of your dated projects from six months to a year and back.
And above all else, make yourself reachable if you are developing widely used applications so that someone can warn you of future attacks or if they see that your project has be compromised.