Описание
Malicious Package in eslint-config-eslint
Version 5.0.2 of eslint-config-eslint was published without authorization and was found to contain malicious code. This code would read the users .npmrc file and send any found authentication tokens to a remote server.
Recommendation
The best course of action if you found this package installed in your environment is to revoke all your npm tokens. You can find instructions on how to do that here. https://docs.npmjs.com/getting-started/working_with_tokens#how-to-revoke-tokens
Users may consider downgrading to version 5.0.1
Пакеты
Наименование
eslint-config-eslint
npm
Затронутые версииВерсия исправления
= 5.0.2
Отсутствует