eslint
eslint-scope/config-eslint NPM compromise steals NPM tokens
An attacker compromised the npm account of an ESLint maintainer and published malicious versions of eslint-scope and eslint-config-eslint. The injected code searched developer machines for .npmrc authentication tokens, aiming to turn one trusted maintainer account into many future publishing keys.
- Date: 2018-07-12
- Category: Open Source
- Target Surface: Package registry
- Insertion Phase: distribution
- Impact: Data Exfiltration
- Cause: Compromised Account/Credentials
What Was Affected
Package: eslint
Language: JavaScript
Component: Library
Artifact type: source archive
Domain type: package host
Domain: npmjs.org
Repository: github.com/eslint/eslint-scope
Compromised Versions
Incident Context
- Motive: Credential Theft
- Attribution: Individual Hacker
- Transitive: No
- User Impact: 4500
- Observed Duration: 0 days
Evidence
Compromised Artifacts
- registry.npmjs.org/eslint-scope/-/eslint-scope-3.7.2.tgz
- registry.npmjs.org/eslint-config-eslint/-/eslint-config-eslint-5.0.2.tgz
Current Artifacts and Analysis
Indicators and Changes
Hashes
- sha256:ecdf72a1e1a4cfb67e220c827b2a7613cf8b0280cac0936879a2c12398897ce4
- sha256:b208f83f1e4e3a3273d59acf970cb9678e8b46554bee2b2034675038b25ac15c
External References
Source Data
Source record: oss/eslint/meta.yaml