npm

@redhat-cloud-services/eslint-config-redhat-cloud-services

@redhat-cloud-services/eslint-config-redhat-cloud-services is one of 32 packages in the @redhat-cloud-services scope that were compromised on June 1, 2026 in the "Miasma: The Spreading Blight" campaign (a variant of, or derived from, Mini Shai-Hulud). The attacker abused npm's GitHub Actions trusted publishing: they pushed short-lived oidc-<hex> branches that rewrote the trusted CI workflow into a self-publishing job, exchanged the OIDC token for npm publish tokens, repackaged the legitimate tarball with a malicious preinstall hook, and republished it with valid SLSA provenance. The malicious versions were published in two waves about 3 hours apart; wave 1 (3.2.1) was later unpublished, and wave 2 (3.2.2) is the live latest.

discovered 2026-06-01

Threat types

  • worm
  • credential_stealer
  • data_exfiltration
  • persistence

Malicious versions

  • 3.2.1
  • 3.2.2
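
A lockfile can still pin either version listed above, so a quick check is to scan the parsed package-lock.json for them. The following is an added example, not code from the original page or from the package's maintainers; the function name `findCompromised` and the sample lockfile are constructed for illustration, and it covers both the flat `packages` map (lockfileVersion 2/3) and the nested `dependencies` tree (lockfileVersion 1).

```javascript
// Added example: find the malicious versions named on this page in a parsed lockfile.
const PKG = "@redhat-cloud-services/eslint-config-redhat-cloud-services";
const BAD_VERSIONS = new Set(["3.2.1", "3.2.2"]);

function findCompromised(lock) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const marker = "node_modules/";
    const idx = path.lastIndexOf(marker);
    if (idx === -1) continue; // root project ("") or a workspace folder
    // "name" is only present when the folder name differs (aliased install).
    const name = meta.name || path.slice(idx + marker.length);
    if (name === PKG && BAD_VERSIONS.has(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree. Skipped when "packages"
  // exists, because v2 lockfiles carry both and would be reported twice.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = trail.concat(name);
      if (name === PKG && BAD_VERSIONS.has(meta.version)) {
        hits.push({ path: here.join(" > "), version: meta.version });
      }
      walk(meta.dependencies, here);
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfile (not taken from any real project).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    [`node_modules/${PKG}`]: { version: "3.2.2", dev: true },
    "node_modules/eslint": { version: "8.57.0" },
    // Nested copy at a constructed version that is not on the list above.
    [`node_modules/some-tool/node_modules/${PKG}`]: { version: "3.0.0" },
  },
};

console.log(findCompromised(SAMPLE_LOCK));
```

To check a real project, pass the result of `JSON.parse` on its package-lock.json to `findCompromised`; an empty array means neither listed version is pinned.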
