Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
How to revoke npm tokens and clear node_modules recursively after eslint-scope hack

Here are some useful commands for securing your environment in light of the eslint-scope hack.

List all npm tokens

npm token list

Revoke an npm token

npm token revoke <token_id>

Find all node_modules directories (dry run)

find . -name "node_modules" -type d -prune

Find all node_modules directories and remove them

find . -name "node_modules" -type d -prune -exec rm -rf '{}' +

Find all package.json and package-lock.json files that mention eslint-scope

find . -type f -name "package*.json" -exec grep -H 'eslint-scope' {} \;

This comment has been minimized.

Copy link
Owner Author

@localjo localjo commented Jul 12, 2018

After running these commands, it's also a good idea to make sure that 2FA is enabled on your npm account, and change your password.


This comment has been minimized.

Copy link

@pabo pabo commented Jul 12, 2018

list all currently installed versions of eslint-scope: find . -name eslint-scope | xargs -n1 -I{} cat {}/package.json | jq .version


This comment has been minimized.

Copy link

@alexmattingley alexmattingley commented Jul 12, 2018

Its probably also a good idea to check for eslint-scope in your globally installed packages and their respective dependencies:
npm list -g | grep eslint-scope

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment