Warning! NPM package eslint-scope 3.7.2 has been compromised

Published 1 week ago by Nash

From the incident report:

Version 3.7.2 of the popular package eslint-scope was published without authorization ( see https://github.com/eslint/eslint-scope/issues/39 ). This version contained apparently malicious code that attempted to steal npm login tokens. It has been unpublished and is no longer available.

click
click
1 week ago (59,590 XP)

+1

the dangers of all the third party packages that are being installed

Please sign in or create an account to participate in this conversation.