eslint-plugin-prettier
eslint-plugin-prettier npm phishing compromise
The same npnjs.com npm maintainer phishing campaign that compromised eslint-config-prettier also compromised eslint-plugin-prettier. StepSecurity confirmed eslint-plugin-prettier 4.2.2 and 4.2.3 as affected versions after maintainer JounQin reported that a phishing email led to a malicious npm token being added and used to publish compromised releases. The malicious package family executed install.js during installation and launched a bundled Windows DLL through rundll32 on Windows systems.
- Date: 2025-07-18 to 2025-07-19
- Category: Open Source
- Target Surface: Package registry
- Insertion Phase: distribution
- Impact: Code Execution
- Cause: Social Engineering
What Was Affected
Package: eslint-plugin-prettier
Language: JavaScript
Component: Library
Artifact type: source archive
Domain type: package host
Domain: npmjs.com
Repository: github.com/prettier/eslint-plugin-prettier
Compromised Versions
Incident Context
- Motive: Remote Code Execution
- Attribution: Third Party
- Transitive: Yes
- User Impact: 0
- Observed Duration: 1 day
Evidence
Compromised Artifacts
Current Artifacts and Analysis
External References
Source Data
Source record: oss/eslint-plugin-prettier/meta.yaml