Описание
Malicious Package in eslint-config-airbnb-standard
Version 2.0.0 of eslint-config-airbnb-standard was published with a bundled version of eslint-scope that was found to contain malicious code. This code would read the users .npmrc file and send it's contents to a remote server.
Recommendation
The best course of action if you found this package installed in your environment is to revoke all your npm tokens and use a different version of the module. You can find instructions on how to do that here. https://docs.npmjs.com/getting-started/working_with_tokens#how-to-revoke-tokens
Пакеты
Наименование
eslint-config-airbnb-standard
npm
Затронутые версииВерсия исправления
= 2.0.0
2.1.0
9.8 Critical
CVSS3
Дефекты
CWE-506
9.8 Critical
CVSS3
Дефекты
CWE-506