Is there a bug in eslint-scope 3.7.2?

Malicious Package in eslint-scope Version 3.7.2 of `eslint-scope` was published without authorization and was found to contain malicious code. This code would read the users `.npmrc` file and send any found authentication tokens to 2 remote servers. ## Recommendation The best course of action if you found this package installed in your environment is to revoke all your npm tokens. You can find instructions on how to do that here. https://docs.npmjs.com/getting-started/working_with_tokens#how-to-revoke-tokens Fixed in eslint-scope 3.7.3.

This package has limited bug data (1 entry). Check back later or see the package health page for the full signal.

eslint-scope known bugs

npm

1 known bug in eslint-scope, with affected versions, fixes and workarounds. Sourced from upstream issue trackers.

View package health \u2192 Breaking changes \u2192

bugs

Known bugs

Severity	Affected	Fixed in	Title	Status	Source
critical	3.7.2	3.7.3	Malicious Package in eslint-scope Version 3.7.2 of `eslint-scope` was published without authorization and was found to contain malicious code. This code would read the users `.npmrc` file and send any found authentication tokens to 2 remote servers. ## Recommendation The best course of action if you found this package installed in your environment is to revoke all your npm tokens. You can find instructions on how to do that here. https://docs.npmjs.com/getting-started/working_with_tokens#how-to-revoke-tokens	fixed	osv:GHSA-hxxf-q3w9-4xgw

API access

Get this data programmatically \u2014 free, no authentication.

curl https://depscope.dev/api/bugs/npm/eslint-scope