-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi,
If you ran eslint (JavaScript codestyle linter) recently (it was only
compromised for an hour), your npm token might have been compromised
(~/.npmrc).
To identify if you were compromised, run:
$ locate eslint-scope | grep -i "eslint-scope/package.json" | xargs jq
.version
And if any of those show "3.7.2" then you have the bad package version
installed.
Upstream recommends that you 1) reset your npm token and 2) enable 2fa
for npm - both can be done from the npm website. You should probably
also check to make sure none of your packages were compromised.
There are some more details on the bug report[1].
[1]
https://github.com/eslint/eslint-scope/issues/39#issuecomment-404533026
- -- Legoktm
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE+h6fmkHn9DUCyl1jUvyOe+23/KIFAltHdC0ACgkQUvyOe+23
/KJpBg//WXBSPKhjmZd43KrHu07NsasWvrU/SAOeBtKjdaLTA3Ry5N+Fdh7LUFFk
oEm1rnz6AnfW0LPIbiDn66FTJ7jF1X6sV1GxpKhFQyYs6SL7LL4wT/XplRSwUTTD
hHccwuqPueYpD208w0zRcWVO7wpU7Lm+8xFrVwjhK7Q1AF6GzfwtmHy22fY05doM
NzXvYgB9urC1fYPQsEO6IhgNH7DT+ZtYOiHnRk2vTgr3fkIjKh4bNEdrnaQ9TOH5
junlio+07llaF/gB/JWycctuy2z2T/zENLPwhy9ZK35DgikGaMsDU7mA6iGgoxhc
TQPDnn3Veel7FBXMPCrxYMDgcBCEqENdOfQcbEl9lXDocr7UjQF/0GsvhFncMoIY
GCfdSThYV6x/U9StyBdxerbX4fCddPgd2RvKjVgDmOdsOVGCU0/iKyhgrBh3AbfP
MNf+AzYCUGvnzfDsDIF+CvJhcddSHX44N5TGLubVwIMIHsvBevC+7D9uHGaLqkem
UR8xa489SZ8LOnsL8TgtRaGXNaWqeJX7tIGPtiS5s2bzhRDr8q062VOd3J/Qw3E0
AQSixX+dQezw282RHYpCk3xuRgbN1oKvCEbOyDB97sbo19f+W2k0CmPVxIaDkr50
D729WS+6XvozYaw0z/R1aOWJTJLTe9ZUO/Zi9qhDfQtLVzTz8M8=
=WybD
-----END PGP SIGNATURE-----