Warning! NPM package eslint-scope 3.7.2 has been compromised

Published 2 months ago by Nash

From the incident report:

Version 3.7.2 of the popular package eslint-scope was published without authorization ( see https://github.com/eslint/eslint-scope/issues/39 ). This version contained apparently malicious code that attempted to steal npm login tokens. It has been unpublished and is no longer available.

2 months ago (75,060 XP)


the dangers of all the third party packages that are being installed

Please sign in or create an account to participate in this conversation.