The eslint-scope virus and Ryan Dahl's JSConf presentation
The gist was that some malicious third party was exfiltrating NPM auth tokens that it would probably later use to infect more packages in a ripple-like manner.
What's even funnier is that while I was listening to Ryan Dahl's 2018 JSConf presentation, I heard him complain about a similar hypothetical situation with ESLint, namely, that it could take over your computer, due to Node's non-restrictive model with filesystem and network access.
It's the first episode I've recorded in a while and I'd be happy if you would listen to it and give me some feedback. I'm going to publish a new episode each Tuesday so stay tuned.