New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
a dependency of webpack, eslint-scope@3.7.2 has been hacked #7714
Comments
🚨 🚑 🚨 🚑 🚨 🚑 🚨 🚑 🚨 🚑 🚨 🚑 🚨 🚑 🚨 The hacked version has been unpublished now - but the harm may already have been done. You - the user - might have lost your NPM auth tokens. If not you, it might have happened to your CI servers. Chances are you are affected. This is what you do:
|
That's bad... |
Following up on removing tokens, it's far easier to go to https://www.npmjs.com/settings/{username}/tokens and remove them there. You'll have to |
npmjs has invalidated all tokens to resolve this issue. For users who want to resolve this issue manually, just |
It seems issue is resolved. |
see eslint/eslint-scope#39
eslint-scope@3.7.2 is a hacked version, which sends your ~/.npmrc to the hacker.
currently webpack depends on eslint-scope@^3.7.1, it's harmful.
The text was updated successfully, but these errors were encountered: