Popular npm linter packages hijacked via phishing to drop malware
Ax Sharma
July 19, 2025
08:51 AM
0
Popular JavaScript libraries were hijacked this week and turned into malware droppers, in a supply chain attack achieved via targeted phishing and credential theft.
The npm packageeslint-config-prettier, downloaded over 30 million times weekly, was compromised after its maintainer fell victim to a phishing attack. Another packageeslint-plugin-prettierfrom the same maintainer was also targeted.
Th...
