npm · Malicious package advisory
Malwareeslint-plugin-prettier
MAL-2025-6023
Malicious code in eslint-plugin-prettier (npm)
Details
This package installs a windows based malware file node-gyp.dll via install.js
Compromised versions (2)
- 4.2.2
- 4.2.3
Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.