VERY IMPORTANT

A backdoor was introduced on eslint-scope (version 3.7.2) upon which ESLint depends. It seems that the goal of this hack was to leak NPM tokens. We advise you to take the following actions as soon as possible: Revoke all your NPM tokens at once Enable 2FA on your NPM account for all scopes Audit the NPM packages you own to ensure nobody published new versions without you knowing If you are running a private registry or a mirror, delete this package Ensure you don’t have eslint-scope version 3.7.2 on your computers