{"campaign":{"name":"eslint-config-prettier Compromise","slug":"eslint-config-prettier-compromise","href":"/ti/campaigns/eslint-config-prettier-compromise","description":"July 2025 maintainer-phishing compromise that pushed malware through eslint-config-prettier, eslint-plugin-prettier, synckit, @pkgr/core and napi-postinstall, packages with tens of millions of weekly downloads.","objective":"Distribute Windows malware through trusted, high-download npm packages.","aliases":[],"discovered_at":"2025-07-21"},"packages":[{"ecosystem":"npm","name":"eslint-config-prettier","href":"/ti/packages/npm/eslint-config-prettier","threat_types":["other"],"versions":["8.10.1","9.1.1","10.1.6","10.1.7"]},{"ecosystem":"npm","name":"eslint-plugin-prettier","href":"/ti/packages/npm/eslint-plugin-prettier","threat_types":["other"],"versions":["4.2.2","4.2.3"]},{"ecosystem":"npm","name":"synckit","href":"/ti/packages/npm/snyckit","threat_types":["other"],"versions":["0.11.9"]},{"ecosystem":"npm","name":"@pkgr/core","href":"/ti/packages/npm/@pkgr/core","threat_types":["other"],"versions":["0.2.8"]},{"ecosystem":"npm","name":"napi-postinstall","href":"/ti/packages/npm/napi-postinstall","threat_types":["other"],"versions":["0.3.1"]}],"indicators":[{"kind":"sha256","value":"31204fbbc097677d518e1c01d88cf24b491ef29cc8f56d1ef2b81e5ccc8440e2","href":"/ti/ioc/sha256/31204fbbc097677d518e1c01d88cf24b491ef29cc8f56d1ef2b81e5ccc8440e2","context":"SHA-256 hash from blog post"},{"kind":"sha256","value":"c68e42f416f482d43653f36cd14384270b54b68d6496a8e34ce887687de5b441","href":"/ti/ioc/sha256/c68e42f416f482d43653f36cd14384270b54b68d6496a8e34ce887687de5b441","context":"SHA-256 hash from blog post"}],"ttps":[{"name":"Supply Chain Compromise: Compromise Software Dependencies and Development Tools","mitre_attack_id":"T1195.001","href":"/ti/ttps/T1195.001"},{"name":"Command and Scripting Interpreter: JavaScript","mitre_attack_id":"T1059.007","href":"/ti/ttps/T1059.007"},{"name":"Ingress Tool Transfer","mitre_attack_id":"T1105","href":"/ti/ttps/T1105"},{"name":"Event Triggered Execution","mitre_attack_id":"T1546","href":"/ti/ttps/T1546"}],"related_campaigns":[],"reports":[{"title":"eslint-config-prettier Compromised: How npm Package with 30 Million Downloads Spread Malware","url":"https://safedep.io/eslint-config-prettier-major-npm-supply-chain-hack","published_at":"2025-07-21"}]}