Unknown · Node-Gyp.Dll · CVE-2025-54313
**Name of the Vulnerable Software and Affected Versions**
eslint-config-prettier (npm), releases 8.10.1, 9.1.1, 10.1.6 and 10.1.7. These are four individually tampered publications, not a contiguous range: releases that sit between them on the version line were not altered.
**Description**
The `eslint-config-prettier` npm package was compromised in a supply chain attack after a maintainer's npm publishing credentials were obtained by phishing. The attacker used the stolen credentials to publish releases that add an `install.js` file together with a `postinstall` hook in `package.json` that runs it, so the payload executes automatically during `npm install` with no further user action. On Windows, `install.js` invokes `rundll32.exe` to load `node-gyp.dll`, a trojan shipped inside the package tarball and named to resemble the legitimate `node-gyp` native build tool; on other platforms the DLL does not load, but the script still runs. With over 30 million weekly downloads, the package is a near-universal development dependency of projects that combine ESLint and Prettier, so the exposure is not limited to direct users: any project, CI runner or developer machine that pulls it in transitively and runs install scripts is affected.
**Recommendations**
Do not install 8.10.1, 9.1.1, 10.1.6 or 10.1.7. Use a release that was not tampered with: anything earlier than 8.10.1, or the maintainer's cleaned follow-up releases 8.10.2, 9.1.2 and 10.1.8 (or newer).
Check lockfiles (`package-lock.json`, `yarn.lock`, `pnpm-lock.yaml`) and CI dependency caches for the four affected versions, including copies nested under other packages, not only the top-level dependency; a clean top-level pin does not rule out a tampered nested copy.
Where the build does not rely on lifecycle scripts, install with `npm ci --ignore-scripts` (or set `ignore-scripts=true` in `.npmrc`) so a malicious `postinstall` cannot run. This also disables legitimate install hooks such as native addon builds, so verify the project still builds before making it the default.
A Windows host that has installed one of the affected versions has executed `node-gyp.dll` and should be handled as compromised: rotate credentials and tokens present on the machine and investigate it before trusting it again.