CVE-2025-54313: Prettier eslint-config-prettier Embedded Malicious Code

Prettier eslint-config-prettier Embedded Malicious Code Vulnerability. Prettier eslint-config-prettier contains an embedded malicious code vulnerability. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows.

• CISA KEV-listed (remediation due 2026-02-12)
• EPSS 12.5% (94.1% percentile)

Browse the CVE database

Read the full analysis on IntelFusions