VYPR

npm · Malicious package advisory

Malware

eslint-plugin-prettier

MAL-2025-6023

Malicious code in eslint-plugin-prettier (npm)

Details

This package installs a windows based malware file node-gyp.dll via install.js

Compromised versions (2)

  • 4.2.2
  • 4.2.3

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.