Detect ESLint Malicious Packages Infection

Barak Bn
Published in Comet
Jul 13, 2018

Disclaimer: I’m far from being a security system expert so if you find any mistakes please comment on this post. I definitely appreciate any and all feedback!

The latest attack on ESLint was simple and direct. Anyone who ran npm install while the malicious releases were on the registry and whose dependency tree pulls in eslint-scope or eslint-config-eslint, directly or through a dependency such as babel-eslint or webpack, may have been affected. You can read more about the malicious attack on ESLint in the ESLint blog post.

To check whether any of your files were possibly infected, run the following command on Linux:

cd / && sudo find . -name package.json -type f -exec grep -H -s -e '"eslint-scope@3.7.2"' -e '"eslint-config-eslint@5.0.2"' {} + ; echo "Finished scanning your computer"

The command needs root permissions to read every user's files, and it can take minutes or up to an hour to walk the whole file system. grep -H prints the file name in front of each match, -s silences permission errors, and {} + hands find's results to grep in batches instead of one process per file. The results will look like:

./some/path/project1/node_modules/eslint-scope/package.json:  "_id": "eslint-scope@3.7.2",
./some/path/project2/node_modules/eslint-scope/package.json:  "_id": "eslint-scope@3.7.2",
./some/path/project3/node_modules/eslint-scope/package.json:  "_id": "eslint-scope@3.7.2",

Now we know that project1, project2, and project3 have the malicious version installed. Note that this match relies on the "_id" field, which npm writes into an installed package.json but yarn does not, and it does not look at lockfiles: a package-lock.json or yarn.lock that still pins 3.7.2 will reinstall the malicious release on the next install. Check the "name" and "version" fields of installed copies and your lockfiles as well.

The fix depends on how the package got there: installed locally in a project, installed globally, or pulled in as a dependency of webpack or babel-eslint. In every case, remove the malicious copy, reinstall a clean version, and follow the recommendations in the ESLint blog post. In particular, because the malicious code read npm credentials from .npmrc, revoke any npm tokens that were present on an affected machine and generate new ones.
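As an added example (not from the original post, and not ESLint's or npm's own tooling), the following bash script scans a directory tree for the two malicious releases. It matches the "name" and "version" fields of each package.json instead of npm's "_id" string, so copies installed by yarn are found too, and it also flags package-lock.json, npm-shrinkwrap.json and yarn.lock files that pin the malicious tarballs. The fixture directories (clean, bad, locked) and lockfile contents are constructed for the demonstration and are not real projects.

```bash
#!/usr/bin/env bash
# Added example, not part of the original post: scan a directory tree for the
# malicious eslint-scope@3.7.2 and eslint-config-eslint@5.0.2 releases.
set -u

# True if the package.json at $1 declares one of the two malicious releases.
# The "name" and "version" fields are checked separately instead of npm's
# "_id" string, because yarn does not write "_id" into installed copies.
is_malicious_package_json() {
  local f=$1
  if grep -qE '"name"[[:space:]]*:[[:space:]]*"eslint-scope"' "$f" &&
     grep -qE '"version"[[:space:]]*:[[:space:]]*"3\.7\.2"' "$f"; then
    return 0
  fi
  if grep -qE '"name"[[:space:]]*:[[:space:]]*"eslint-config-eslint"' "$f" &&
     grep -qE '"version"[[:space:]]*:[[:space:]]*"5\.0\.2"' "$f"; then
    return 0
  fi
  return 1
}

# Scans $1 and prints one finding per line as "<kind><TAB><path>":
#   installed  an installed copy of a malicious release
#   lockfile   a package-lock.json / npm-shrinkwrap.json / yarn.lock that pins
#              the malicious tarball and would reinstall it on the next install
scan_eslint_malicious() {
  local root=$1
  find "$root" -type f -name package.json -print 2>/dev/null |
    while IFS= read -r f; do
      if is_malicious_package_json "$f"; then
        printf 'installed\t%s\n' "$f"
      fi
    done
  find "$root" -type f \( -name package-lock.json -o -name npm-shrinkwrap.json -o -name yarn.lock \) -print 2>/dev/null |
    while IFS= read -r f; do
      if grep -qE 'eslint-scope-3\.7\.2\.tgz|eslint-config-eslint-5\.0\.2\.tgz' "$f"; then
        printf 'lockfile\t%s\n' "$f"
      fi
    done
}

# Constructed fixture for a dry run (not real projects): one clean install of
# eslint-scope 3.7.1 with a yarn.lock, one install of each malicious release,
# and a package-lock.json pinning the malicious eslint-scope tarball.
make_fixture() {
  local root=$1
  mkdir -p "$root/clean/node_modules/eslint-scope" \
           "$root/bad/node_modules/eslint-scope" \
           "$root/bad/node_modules/eslint-config-eslint" \
           "$root/locked"
  printf '{\n  "name": "eslint-scope",\n  "version": "3.7.1"\n}\n' \
    > "$root/clean/node_modules/eslint-scope/package.json"
  printf '{\n  "name": "eslint-scope",\n  "version": "3.7.2"\n}\n' \
    > "$root/bad/node_modules/eslint-scope/package.json"
  printf '{\n  "name": "eslint-config-eslint",\n  "version": "5.0.2"\n}\n' \
    > "$root/bad/node_modules/eslint-config-eslint/package.json"
  cat > "$root/clean/yarn.lock" <<'EOF'
eslint-scope@^3.7.1:
  version "3.7.1"
  resolved "https://registry.yarnpkg.com/eslint-scope/-/eslint-scope-3.7.1.tgz"
EOF
  cat > "$root/locked/package-lock.json" <<'EOF'
{
  "name": "locked-project",
  "lockfileVersion": 1,
  "dependencies": {
    "eslint-scope": {
      "version": "3.7.2",
      "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-3.7.2.tgz"
    }
  }
}
EOF
}

# Usage on a real machine: source this file, then run
#   sudo bash -c '. ./scan.sh; scan_eslint_malicious /'
# Permission errors from find are silenced, so run it as root to cover every
# user's home directory.
```

Each "installed" line is a copy to delete and reinstall from a clean version; each "lockfile" line is a lockfile that must be regenerated before the next npm ci or yarn install, otherwise the malicious release comes straight back.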

Barak Ben Noon is a full-stack developer at Comet.ml. He is currently studying Mathematics & Computer Science at Columbia University and previously served in the special forces.

About Comet.ml — Comet.ml is doing for ML what GitHub did for code. Our lightweight SDK enables data science teams to automatically track their datasets, code changes, and experiment history. This way, data scientists can easily reproduce their models and collaborate on model iteration within their team!
