npm

eslint-plugin-totara @99.9.1

Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 3:29 AM UTC

Malicious

OSV ID

MAL-2026-2846

Ecosystem

npm

Summary

The package eslint-plugin-totara was found to contain malicious code.

Source: amazon-inspector (96447eb1f41df9da2d8e298530e25265374244a3e23279006ca447a8a5b0c0bd)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.