npm

eslint-config-prettier

eslint-config-prettier is identified in the SafeDep analysis "eslint-config-prettier Compromised: How npm Package with 30 Million Downloads Spread Malware". A supply chain attack exploiting eslint-config-prettier and other popular npm packages were discovered with major supply chain impact. In this blog, we will explore the details of the hack and the impact it had on the npm ecosystem.

discovered 2025-07-21

Threat types

other

Malicious versions

8.10.1
9.1.1
10.1.6
10.1.7

Campaigns

eslint-config-prettier Compromiseattributed-to

Indicators

sha25631204fbbc097677d518e1c01d88cf24b491ef29cc8f56d1ef2b81e5ccc8440e2indicates
sha256c68e42f416f482d43653f36cd14384270b54b68d6496a8e34ce887687de5b441indicates

Techniques

ttpT1195.001 Supply Chain Compromise: Compromise Software Dependencies and Development Toolsuses
ttpT1059.007 Command and Scripting Interpreter: JavaScriptuses
ttpT1105 Ingress Tool Transferuses
ttpT1546 Event Triggered Executionuses

Read the full analysis →