Popular npm linter packages hijacked via phishing to drop malware
Popular JavaScript libraries were hijacked this week and turned into malware droppers, in a supply chain attack achieved via targeted phishing and credential theft. The npm package eslint-config-prettier, downloaded over 30 million times weekly, was compromised after its maintainer fell victim to a phishing attack. Other packages, namely eslint-plugin-prettier, synckit, @pkgr/core, and napi-postinstall from the same maintainer, were also targeted. The attacker(s) used stolen credentials to pub