Which project does this relate to?
Start
Describe the bug
@tanstack/eslint-plugin-start has been flagged with CRITICAL malware severity in the GitHub Advisory Database.
Advisory Details
ID: GHSA-8hwj-wqhq-3xw2
Severity: CRITICAL (Malware)
Affected versions:
= 0.0.7
= 0.0.4
= 0
Patched versions: (unknown)
The 0.0.7 and 0.0.4 are no longer in NPM but >=0 is still catching 0.1.0 and any future versions.
This is the same as #7384
Resolution:
Github must remove the >= 0 VVR
#7384 (comment)
Complete minimal reproducer
not relevant
Steps to Reproduce the Bug
npm i @tanstack/eslint-plugin-start
npm audit
npm audit report
@tanstack/eslint-plugin-start *
Severity: critical
Malware in @tanstack/eslint-plugin-start - GHSA-8hwj-wqhq-3xw2
No fix available
node_modules/@tanstack/eslint-plugin-start
Expected behavior
Audit pass with no malware
Screenshots or Videos
No response
Platform
npm
Additional context
No response
Which project does this relate to?
Start
Describe the bug
@tanstack/eslint-plugin-start has been flagged with CRITICAL malware severity in the GitHub Advisory Database.
Advisory Details
ID: GHSA-8hwj-wqhq-3xw2
Severity: CRITICAL (Malware)
Affected versions:
= 0.0.7
= 0.0.4
The 0.0.7 and 0.0.4 are no longer in NPM but >=0 is still catching 0.1.0 and any future versions.
This is the same as #7384
Resolution:
Github must remove the
>= 0VVR#7384 (comment)
Complete minimal reproducer
not relevant
Steps to Reproduce the Bug
npm i @tanstack/eslint-plugin-start
npm audit
npm audit report
@tanstack/eslint-plugin-start *
Severity: critical
Malware in @tanstack/eslint-plugin-start - GHSA-8hwj-wqhq-3xw2
No fix available
node_modules/@tanstack/eslint-plugin-start
Expected behavior
Audit pass with no malware
Screenshots or Videos
No response
Platform
npm
Additional context
No response