This week, a supply chain attack carried out through targeted phishing and credential theft compromised two widely used JavaScript libraries, eslint-config-prettier and eslint-plugin-prettier. These popular packages were subsequently converted into malware droppers.
After gaining unauthorized access to these packages, the attackers distributed malicious software to developer machines. The incident poses a significant risk to the integrity of software projects that depend on these libraries. Users are strongly advised to inspect their systems for indicators of compromise and to implement robust measures to safeguard their credentials.