{"id":7515,"date":"2018-07-24T23:59:00","date_gmt":"2018-07-24T15:59:00","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/vsnews\/?p=7515"},"modified":"2019-02-18T12:37:43","modified_gmt":"2019-02-18T20:37:43","slug":"aa1vsyt","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/vsnews\/akams-aa1vsyt\/","title":{"rendered":"Protecting our users from the ESLint NPM package breach"},"content":{"rendered":"<p><span>On the 12<\/span><span>th<\/span><span>\u00a0of July 2018, malicious code was detected in two popular open-source NPM packages, <strong>eslint-scope (version 3.7.2)<\/strong> and <strong>eslint-config-eslint (version 5.0.2)<\/strong>. As a result, developers who downloaded and installed these packages may have had credentials stored in their\u00a0<\/span><b><span>.npmrc\u00a0<\/span><\/b><span>file compromised. This may include credentials required to access package feeds hosted in Visual Studio Team Services.<\/span><span>\u00a0<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>On the 12th\u00a0of July 2018, malicious code was detected in two popular open-source NPM packages, eslint-scope (version 3.7.2) and eslint-config-eslint (version 5.0.2). As a result, developers who downloaded and installed these packages may have had credentials stored in their\u00a0.npmrc\u00a0file compromised. This may include credentials required to access package feeds hosted in Visual Studio Team Services.\u00a0<\/p>\n","protected":false},"author":539,"featured_media":8227,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[3,8],"tags":[],"class_list":["post-7515","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-allskus","category-vs4mac"],"acf":[],"blog_post_summary":"<p>On the 12th\u00a0of July 2018, malicious code was detected in two popular open-source NPM packages, eslint-scope (version 3.7.2) and eslint-config-eslint (version 5.0.2). As a result, developers who downloaded and installed these packages may have had credentials stored in their\u00a0.npmrc\u00a0file compromised. This may include credentials required to access package feeds hosted in Visual Studio Team Services.\u00a0<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/vsnews\/wp-json\/wp\/v2\/posts\/7515","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/vsnews\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/vsnews\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/vsnews\/wp-json\/wp\/v2\/users\/539"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/vsnews\/wp-json\/wp\/v2\/comments?post=7515"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/vsnews\/wp-json\/wp\/v2\/posts\/7515\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/vsnews\/wp-json\/wp\/v2\/media\/8227"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/vsnews\/wp-json\/wp\/v2\/media?parent=7515"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/vsnews\/wp-json\/wp\/v2\/categories?post=7515"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/vsnews\/wp-json\/wp\/v2\/tags?post=7515"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}