eslint-config-prettier Compromise
July 2025 maintainer-phishing compromise that pushed malware through eslint-config-prettier, eslint-plugin-prettier, synckit, @pkgr/core and napi-postinstall, packages with tens of millions of weekly downloads.
discovered 2025-07-21
Objective
Distribute Windows malware through trusted, high-download npm packages.
