18 matches found
Prettier eslint-config-prettier Embedded Malicious Code Vulnerability
Prettier eslint-config-prettier contains an embedded malicious code vulnerability. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows...
MAL-2025-148001 Malicious code in slidev-config-prettier-plugin-markdown-start (npm)
Source: amazon-inspector 945e834e497b6d587ec03ff3266acade36150e5844f41ba3cf81c5e4d8bed572 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-148121 Malicious code in spectron-node-config-prettier-selenium (npm)
Source: amazon-inspector 38125f8865078f53318f1d7935b87aad45c4b1dda28e2906a20fdb84ff3cf22b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-121804
Malicious code in spectron-node-config-prettier-selenium npm...
EUVD-2025-21972
Malicious code in bioql PyPI...
@rustybrooks/eslint-config-prettier (>=1.0.0 <=1.0.18) potentially affected by unknown CVE via eslint-plugin-airbnb-base (=0.0.1-security)
eslint-plugin-airbnb-base NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on eslint-plugin-airbnb-base and may be impacted: - @rustybrooks/eslint-config-prettier =1.0.0, =1.0.18 Source cves: unknown CVE Source advisory:...
Fake npm Website Used to Push Malware via Stolen Token
Fake npm website used in phishing attack to steal maintainer token, leading to malware in popular JavaScript packages like eslint-config-prettier...
Malicious code in eslint-config-prettier (npm)
This package installs a Windows-based malware file, node-gyp.dll, via install.js...
MAL-2025-6022 Malicious code in eslint-config-prettier (npm)
This package installs a Windows-based malware file, node-gyp.dll, via install.js...
CVE-2025-54313
A flaw was found in eslint-config-prettier. An affected version contains embedded malicious code that executes an install.js file during package installation. This script launches the node-gyp.dll malware on Windows systems, allowing a remote attacker to execute arbitrary code. Mitigation...
GHSA-F29H-PXVX-F335 eslint-config-prettier, eslint-plugin-prettier, synckit, @pkgr/core, napi-postinstall have embedded malicious code
eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows...
CVE-2025-54313
eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows...
CVE-2025-54313
eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows...
VulnCheck KEV: CVE-2025-54313
eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows...
eslint-config-prettier Security Vulnerability
eslint-config-prettier is a Prettier open source application. A security vulnerability exists in eslint-config-prettier versions 8.10.1, 9.1.1, 10.1.6, and 10.1.7, which stems from embedded malicious code that could lead to a supply chain attack...
CVE-2025-54313
eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows...
CVE-2025-54313
eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows...
@bitrefill/airfill-widget (>=4.2.2 <=4.8.3), @chialab/rna-cli (>=2.2.0 <=4.0.0-beta.22) +94 more potentially affected by CVE-2024-21528 via node-gettext (>=0.1.2 <=3.0.0)
node-gettext NPM version =0.1.2, =4.2.2, =2.2.0, =2.2.0, =0.9.1, =1.1.2, =4.1.0-alpha.1, =0.0.4, =5.2.0-alpha.13, =5.2.0, =1.0.6, =1.0.17, =1.0.3, =4.1.2, =2.0.0, =2.3.1 and more Source cves: CVE-2024-21528 Source advisory: OSV:GHSA-G974-HXVM-X689...