
Maintainers of ESLint Prettier Plugin Attacked via npm Supply Chain Malware

Blog post from Snyk

Post details

Company: Snyk
Author: Liran Tal
Word count: 649
Language: English
Summary

An npm supply chain security incident began on July 19th, 2025, targeting maintainers of popular npm packages through a phishing campaign that used a typosquatted domain, npnjs.com, to steal their npm registry credentials. The attack affected several packages, including eslint-config-prettier, which has millions of weekly downloads, illustrating how far a compromised maintainer account can reach. The attackers used the stolen credentials to publish malicious versions of these packages that carried Windows-based malware. In response, the maintainers reset their credentials, deprecated the affected versions, and removed them from the npm registry. The incident underscores the importance of robust security practices: enabling two-factor authentication on registry accounts, using the open-source npq CLI to run heuristic checks on a package before it is installed, and configuring npm so that package install scripts do not run automatically. Developers are advised to scrutinize the package versions they pull in and to follow these practices to reduce exposure to similar attacks, with resources such as Snyk Learn offering further guidance on defending against supply chain attacks.