npm · Malicious package advisory
Malwareeslint-config-prettier
MAL-2025-6022
Malicious code in eslint-config-prettier (npm)
Details
This package installs a windows based malware file node-gyp.dll via install.js
Compromised versions (4)
- 8.10.1
- 9.1.1
- 10.1.6
- 10.1.7
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.