Supply Chain Incident

eslint-scope npm package credential-stealing release

An attacker used compromised npm maintainer credentials to publish malicious eslint-scope and eslint-config-eslint releases that attempted to steal npm tokens.

ConfidenceHigh
Evidence LevelVendor
Attack StageAccount Compromise
Source Artifact DivergenceNo

Affected Packages

Affected Releases

No structured records.

Repositories

Organizations

Maintainers

No structured records.

Threat Actors

No structured records.

Campaigns

No structured records.

Build Systems

No structured records.

Distribution Channels

  • npm registry

Compromised Accounts

  • eslint-scope npm maintainer account

Connected Entities

References