Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
How to revoke npm tokens and clear node_modules recursively after eslint-scope hack

Here are some useful commands for securing your environment in light of the eslint-scope hack.

List all npm tokens

npm token list

Revoke an npm token

npm token revoke <token_id>

Find all node_modules directories (dry run)

find . -name "node_modules" -type d -prune

Find all node_modules directories and remove them

find . -name "node_modules" -type d -prune -exec rm -rf '{}' +

Find all package.json and package-lock.json files that mention eslint-scope

find . -type f -name "package*.json" -exec grep -H 'eslint-scope' {} \;
Copy link

localjo commented Jul 12, 2018

After running these commands, it's also a good idea to make sure that 2FA is enabled on your npm account, and change your password.

Copy link

pabo commented Jul 12, 2018

list all currently installed versions of eslint-scope: find . -name eslint-scope | xargs -n1 -I{} cat {}/package.json | jq .version

Copy link

alexmattingley commented Jul 12, 2018

Its probably also a good idea to check for eslint-scope in your globally installed packages and their respective dependencies:
npm list -g | grep eslint-scope

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment