eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows.
| Балл | 7.5 — высокая |
| Вектор | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N |