Nautilus: Pelagic Mollusc
eslint-config-airbnb-standard

Malicious package

Severity: critical

Overview

Version 2.0.0 of eslint-config-airbnb-standard was published with a bundled version of eslint-scope that was found to contain malicious code. This code would read the users .npmrc file and send it's contents to a remote server.

Remediation

The best course of action if you found this package installed in your environment is to revoke all your npm tokens and use a different version of the module. You can find instructions on how to do that here. https://docs.npmjs.com/getting-started/working_with_tokens#how-to-revoke-tokens

Vulnerable versions

2.0.0
a month ago

Unaffected versions

1.0.0
a year ago
1.0.1
a year ago
1.0.2
a year ago
1.0.3
a year ago
1.0.4
a year ago
1.0.5
a year ago
1.1.1
a year ago
1.1.2
a year ago
1.1.3
a year ago
1.1.4
a year ago
1.2.1
a year ago
1.2.2
a year ago
1.2.3
a year ago
1.2.4
a year ago
1.2.5
a year ago
1.2.6
a year ago
1.3.0
a year ago
1.3.1
a year ago
1.3.2
a year ago
1.3.3
a year ago
1.3.4
a year ago
1.3.5
a year ago
1.3.6
a year ago
1.3.7
a year ago
1.3.8
a year ago
1.3.9
a year ago
1.3.10
a year ago
1.3.11
a year ago
1.3.12
a year ago
1.4.0
a year ago
1.4.1
a year ago
1.5.0
10 months ago
1.6.0
10 months ago
1.6.1
9 months ago
1.6.2
9 months ago
1.6.3
9 months ago
1.6.4
9 months ago
1.6.5
9 months ago
1.6.6
8 months ago
2.1.0
a month ago
2.1.1
a month ago
2.1.2
a month ago
1.6.7
a month ago
2.1.3
a month ago
2.1.4
a month ago
2.1.5
a month ago
2.1.6
a month ago

Advisory timeline

  1. published

    Advisory published
    Jul 13th, 2018
  2. reported

    Jul 13th, 2018