Github Token Leak

2017-10-12T19:20:12
ID NODEJS:546
Type nodejs
Reporter David Dias
Modified 2018-04-09T01:45:22

Description

Overview

Affected versions of aegir bundle and publish the current users github token to npm when aegir-release is executed.

Recommendation

Update to version 12.0.8 or later.

If you used this module to do a release for your project you should invalidate the GitHub tokens that were leaked.