This package has limited bug data (1 entry). Check back later or see the package health page for the full signal.
eslint-scope known bugs
npm1 known bug in eslint-scope, with affected versions, fixes and workarounds. Sourced from upstream issue trackers.
1
bugs
Known bugs
| Severity | Affected | Fixed in | Title | Status | Source |
|---|---|---|---|---|---|
| critical | 3.7.2 | 3.7.3 | Malicious Package in eslint-scope Version 3.7.2 of `eslint-scope` was published without authorization and was found to contain malicious code. This code would read the users `.npmrc` file and send any found authentication tokens to 2 remote servers.
## Recommendation
The best course of action if you found this package installed in your environment is to revoke all your npm tokens. You can find instructions on how to do that here. https://docs.npmjs.com/getting-started/working_with_tokens#how-to-revoke-tokens | fixed | osv:GHSA-hxxf-q3w9-4xgw |
API access
Get this data programmatically \u2014 free, no authentication.
curl https://depscope.dev/api/bugs/npm/eslint-scope