Malware published in eslint-config-prettier and other packages

Malware Incident Detected in Popular npm Packages: An Urgent Security Advisory

In a recent announcement, a prominent maintainer of several widely used npm packages disclosed that their account had been compromised through a phishing attack, leading to the distribution of malicious code via legitimate package updates. This incident underscores the critical importance of robust security practices for open-source maintainers and users alike.

Details of the Incident

The affected maintainer shared via social media that they fell victim to a phishing email, which resulted in the leakage of their npm account credentials or tokens. Subsequently, a new npm authentication token was added without authorization. Malicious versions of well-known packages were then published, exposing thousands of developers to potential security risks.

Packages and Versions Impacted

The malicious activity involved several popular packages, including:

  • eslint-config-prettier:
  • Versions 8.10.1, 9.1.1, 10.1.6, 10.1.7
  • eslint-plugin-prettier:
  • Versions 4.2.2, 4.2.3
  • snyckit:
  • Version 0.11.9
  • @pkgr/core:
  • Version 0.2.8
  • napi-postinstall:
  • Version 0.3.1

The maintainer has responded swiftly by removing the leaked token, deprecating the compromised package versions, and releasing new, clean versions to restore integrity.

Lessons and Recommendations

This incident serves as a potent reminder for all npm package publishers to enhance their security protocols. Specifically, it is highly recommended to:

  • Enable Two-Factor Authentication (2FA) on your npm account.
  • Transition your 2FA method from a standard authenticator app to a Security Key or Biometric Passkey, which provides a stronger defense against phishing attacks.
  • Regularly review your npm account security settings at npm security settings.
  • Maintain vigilant monitoring of package activity and respond promptly to suspicious behavior.

Final Thoughts

Open-source software relies heavily on the trustworthiness of maintainers. While security breaches can occur despite the best intentions, adopting advanced security measures significantly reduces the risk of malicious disruptions. Community awareness and proactive security practices are fundamental to maintaining a safe and reliable ecosystem for all developers.

**Stay vigilant, secure

Hubsadmin

Leave a Reply

Your email address will not be published. Required fields are marked *


Cybersecurity and artificial intelligence technology company airlimitless.