Version 2.0.0 of eslint-config-airbnb-standard was published with a bundled version of eslint-scope that was found to contain malicious code. This code would read the users .npmrc file and send it's contents to a remote server.


The best course of action if you found this package installed in your environment is to revoke all your npm tokens and use a different version of the module. You can find instructions on how to do that here.

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory published
    Jul 13th, 2018
  2. reported

    Initial report by Eslint Team
    Jul 13th, 2018