In July 2025, a significant supply chain attack was identified involving the compromise of five popular NPM packages, including "eslint-config-prettier," which resulted in the distribution of a malicious DLL named "Scavenger." This attack was facilitated through a credential phishing campaign targeting an NPM package maintainer, allowing attackers to publish modified versions of these packages containing the malicious code. The CrowdStrike Falcon platform successfully detected and prevented the attack by blocking the execution of the Scavenger DLL and utilizing machine learning and behavior-based indicators of attack (IOAs) to quarantine the threat. The compromised packages, which had widespread impact due to their popularity, have since been deprecated, and clean versions have been re-released. CrowdStrike emphasizes the importance of properly configured prevention policies to protect against such supply chain attacks, which often exploit vulnerabilities within widely-used open-source platforms.