PT-2025-30145 · Unknown · Node-Gyp.Dll+1

Butz · Published 2025-07-19 · Updated 2026-01-26 · CVE-2025-54313

CVSS v3.1: 7.5 High

Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N

Name of the Vulnerable Software and Affected Versions
eslint-config-prettier versions 8.10.1 through 10.1.7

Description
The eslint-config-prettier npm package was compromised through a supply chain attack resulting from a phishing attack on maintainers. Installation of affected versions executes an install.js file, which launches the node-gyp.dll malware on Windows systems. The package has over 30 million weekly downloads, representing a significant supply chain risk. The malicious code was injected via a postinstall script that utilizes rundll32.exe to execute a trojan. This issue affects not only direct users of the package but also projects that include it as a development dependency. The install.js file is executed upon package installation.

Recommendations
Versions prior to 8.10.1 and versions after 10.1.7 should be used. For versions 8.10.1 through 9.1.1 and 10.1.7, avoid installation. For version 10.1.6, no action is required as it has been determined to be safe.
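
The following Node.js lockfile audit is an added example, not part of the original advisory or of the eslint-config-prettier project. It walks a parsed package-lock.json (lockfileVersion 2 or 3 is assumed) and reports each installed copy of the package, whether its version falls in the 8.10.1 through 10.1.7 range listed above, and whether npm recorded an install-time script for it; the function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: audit a parsed package-lock.json for eslint-config-prettier.
const PKG = "eslint-config-prettier";
const RANGE_LOW = [8, 10, 1];   // from the advisory: 8.10.1
const RANGE_HIGH = [10, 1, 7];  // from the advisory: 10.1.7

// Parse "major.minor.patch", ignoring any prerelease or build suffix.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1, 4).map(Number) : null;
}
// Numeric comparison of two [major, minor, patch] triples.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function inListedRange(version) {
  const v = parseVersion(version);
  return v !== null && compare(v, RANGE_LOW) >= 0 && compare(v, RANGE_HIGH) <= 0;
}

// One finding per installed copy, including copies nested under other packages.
function auditLock(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Match the exact package name; scoped or similarly named packages are skipped.
    if (!path.endsWith("node_modules/" + PKG)) continue;
    findings.push({
      path,
      version: meta.version,
      inListedRange: inListedRange(meta.version),
      // npm sets this lockfile flag when a package declares install-time scripts
      hasInstallScript: meta.hasInstallScript === true,
    });
  }
  return findings;
}

// Constructed sample lockfile fragment, not taken from a real project.
const sampleLock = {
  packages: {
    "node_modules/eslint-config-prettier": { version: "10.1.7", dev: true, hasInstallScript: true },
    "node_modules/tool/node_modules/eslint-config-prettier": { version: "8.10.0", dev: true },
    "node_modules/not-eslint-config-prettier-x": { version: "9.0.0" },
  },
};

console.log(JSON.stringify(auditLock(sampleLock), null, 2));
```

To audit a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `auditLock`. A copy that is in range or carries the install-script flag should be reviewed against the recommendations above.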

Exploit · Fix · RCE

Related Identifiers

CVE-2025-54313
GHSA-F29H-PXVX-F335

Affected Products

Eslint-Config-Prettier
Node-Gyp.Dll