VYPR

npm · Malicious package advisory

Malware

eslint-config-prettier

MAL-2025-6022

Malicious code in eslint-config-prettier (npm)

Details

This package installs a windows based malware file node-gyp.dll via install.js

Compromised versions (4)

  • 8.10.1
  • 9.1.1
  • 10.1.6
  • 10.1.7

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.