Nonviolent Pigeon Manifestation

Overview

Version 2.0.0 of eslint-config-airbnb-standard was published with a bundled version of eslint-scope that was found to contain malicious code. This code would read the users .npmrc file and send it's contents to a remote server.

Remediation

The best course of action if you found this package installed in your environment is to revoke all your npm tokens and use a different version of the module. You can find instructions on how to do that here. https://docs.npmjs.com/getting-started/working_with_tokens#how-to-revoke-tokens

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory published
    Jul 13th, 2018
  2. reported

    Jul 13th, 2018