Version 2.0.0 of
eslint-config-airbnb-standard was published with a bundled version of
eslint-scope that was found to contain malicious code. This code would read the users
.npmrc file and send it's contents to a remote server.
The best course of action if you found this package installed in your environment is to revoke all your npm tokens and use a different version of the module. You can find instructions on how to do that here. https://docs.npmjs.com/getting-started/working_with_tokens#how-to-revoke-tokens