VYPR
High severity · CISA KEV · NVD Advisory · Published Jul 19, 2025 · Updated Feb 26, 2026

CVE-2025-54313

Description

eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| eslint-config-prettier | npm | >= 8.10.1, < 8.10.2 | 8.10.2 |
| eslint-config-prettier | npm | >= 9.1.1, < 9.1.2 | 9.1.2 |
| eslint-config-prettier | npm | >= 10.1.6, < 10.1.8 | 10.1.8 |
| eslint-plugin-prettier | npm | >= 4.2.2, < 4.2.4 | 4.2.4 |
| synckit | npm | >= 0.11.9, < 0.11.10 | 0.11.10 |
| @pkgr/core | npm | >= 0.2.8, < 0.2.9 | 0.2.9 |
| napi-postinstall | npm | >= 0.3.1, < 0.3.2 | 0.3.2 |
| got-fetch | npm | >= 5.1.11, < 6.0.0 | 6.0.0 |
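
A defender's check against the affected ranges listed above, as an added example that is not part of the advisory: it walks the `packages` map of a parsed `package-lock.json` (lockfileVersion 2 or 3) and reports every resolved version that falls inside an affected range. `SAMPLE_LOCK` and the helper names are constructed for illustration, and pre-release suffixes are ignored when comparing versions.

```javascript
// Affected ranges copied from the advisory table, as [first affected, first patched).
const AFFECTED = new Map([
  ['eslint-config-prettier', [['8.10.1', '8.10.2'], ['9.1.1', '9.1.2'], ['10.1.6', '10.1.8']]],
  ['eslint-plugin-prettier', [['4.2.2', '4.2.4']]],
  ['synckit', [['0.11.9', '0.11.10']]],
  ['@pkgr/core', [['0.2.8', '0.2.9']]],
  ['napi-postinstall', [['0.3.1', '0.3.2']]],
  ['got-fetch', [['5.1.11', '6.0.0']]],
]);

// Compare the numeric major.minor.patch core of two versions (-1, 0 or 1).
// Numeric comparison matters here: as strings, "0.11.9" sorts after "0.11.10".
function cmp(a, b) {
  const [pa, pb] = [a, b].map((v) => v.split(/[-+]/)[0].split('.').map(Number));
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

function isAffected(name, version) {
  return (AFFECTED.get(name) || []).some(([lo, hi]) => cmp(version, lo) >= 0 && cmp(version, hi) < 0);
}

// Keys of "packages" look like "node_modules/a/node_modules/@scope/b"; the
// package name is whatever follows the last "node_modules/" (nested and scoped).
function findAffected(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf('node_modules/');
    if (idx === -1 || !meta.version) continue; // root project or link entry
    const name = path.slice(idx + 'node_modules/'.length);
    if (isAffected(name, meta.version)) hits.push({ path, name, version: meta.version });
  }
  return hits;
}

// Constructed sample lockfile fragment (not taken from a real project).
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  '': { name: 'demo', version: '1.0.0' },
  'node_modules/eslint-config-prettier': { version: '10.1.7' },
  'node_modules/eslint-plugin-prettier': { version: '4.2.4' },
  'node_modules/foo/node_modules/@pkgr/core': { version: '0.2.8' },
  'node_modules/synckit': { version: '0.11.8' },
  'node_modules/got-fetch': { version: '5.1.12' },
} };

for (const h of findAffected(SAMPLE_LOCK)) console.log(`AFFECTED ${h.name}@${h.version} at ${h.path}`);
```

To check a real project, pass the result of `JSON.parse` on its `package-lock.json` to `findAffected`; a hit means an affected version was resolved, including as a nested transitive dependency.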
