ESLint Security Incident

Happily, the version my installed eslint contains is later:

% npm info eslint|grep scope
eslint-scope: ^4.0.0

Interesting attack: Collect one bad password, use that to get someone's npm credentials, push a virus that uploads more peoples' npm credentials. Soon they could have had every package infected. Only being watchful prevented catastrophe.

Repeating my Password lesson: Use strong passwords. Do not ever reuse passwords.

Leave a Reply

To respond on your own website, enter the URL of your response which should contain a link to this post's permalink URL. Your response will then appear (possibly after moderation) on this page. Want to update or remove your response? Update or delete your post and re-enter your post's URL again. (Learn More)