You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
Malicious Package in eslint-scope
Critical severity
GitHub Reviewed
Published
Jul 12, 2018
to the GitHub Advisory Database
•
Updated Jul 7, 2023
Version 3.7.2 of eslint-scope was published without authorization and was found to contain malicious code. This code would read the users .npmrc file and send any found authentication tokens to 2 remote servers.
Version 3.7.2 of
eslint-scopewas published without authorization and was found to contain malicious code. This code would read the users.npmrcfile and send any found authentication tokens to 2 remote servers.Recommendation
The best course of action if you found this package installed in your environment is to revoke all your npm tokens. You can find instructions on how to do that here. https://docs.npmjs.com/getting-started/working_with_tokens#how-to-revoke-tokens
References