From the incident report:
Version 3.7.2 of the popular package
eslint-scopewas published without authorization ( see https://github.com/eslint/eslint-scope/issues/39 ). This version contained apparently malicious code that attempted to steal npm login tokens. It has been unpublished and is no longer available.
Did you know that, in addition to the forum, Laracasts includes well over 1000 lessons on modern web development? All for the price of one lunch out per month.