MAL-2025-19830: Malicious code in eslint-config-googlejs-es6 (npm)
(updated )
This malicious package was published during the PhantomRaven NPM campaign. The malicious payload steals tokens and credentials.
References
Code Behaviors & Features
Detect and mitigate MAL-2025-19830 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →