eslint-config-prettier Compromised: How npm Package with 30 Million Downloads Spread Malware
A supply chain attack exploiting eslint-config-prettier and other popular npm packages were discovered with major supply chain impact. In this blog, we will explore the details of the hack and the…
Read the full articleYou might also wanna read

Maintainers of ESLint Prettier Plugin Attacked via npm Supply Chain Malware
Urgent warning: Maintainers of popular npm packages like ESLint Prettier Plugin were attacked via an npm supply chain malware incident. Lear
NPM supply chain attack compromises popular packages, posing widespread security risk
That NPM attack could have been so much worse.

September 2025 NPM supply-chain attack compromises popular JavaScript packages
In September 2025, the JavaScript ecosystem faced one of its most disruptive security events to date: a coordinated software supply-chain at
Major NPM Supply Chain Attack: Over 1,000 Packages Infected via Fake Bun Runtime
Over 1,000 NPM packages were infected using the same method as the previous attack, infecting with a fake Bun runtime. The attacker leverage
Major NPM Supply Chain Attack: @ctrl/tinycolor and 40+ Packages Compromised with Self-Propagating Malware
The popular @ctrl/tinycolor package with over 2 million weekly downloads has been compromised alongside 40+ other NPM packages in a sophisti
Major NPM Supply Chain Attack: @ctrl/tinycolor and 40+ Packages Compromised with Self-Propagating Malware
The popular @ctrl/tinycolor package with over 2 million weekly downloads has been compromised alongside 40+ other NPM packages in a sophisti
Supply Chain Attack Compromises @ctrl/tinycolor npm Package, Affects 40+ Packages
Malicious update to @ctrl/tinycolor on npm is part of a supply-chain attack hitting 40+ packages across maintainers

Comments
Sign in to join the conversation.
No comments yet. Be the first.