MidnightBSD

Advisories for un-ts

CVE-2025-54313

eslint-config-prettier versions 8.10.1, 9.1.1, 10.1.6, and 10.1.7 contain embedded malicious code from a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows.

CVSS 3.x

| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cve@mitre.org | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N | 2.2 | 4.7 |

Products Affected

| Vendor | Product | Version |
|---|---|---|
| homarr | homarr | * |
| prettier | eslint-config-prettier | 8.10.1 |
| un-ts | napi-postinstall | 0.3.1 |
| prettier | eslint-config-prettier | 9.1.1 |
| prettier | eslint-plugin-prettier | 4.2.3 |
| un-ts | synckit | 0.11.9 |
| prettier | eslint-config-prettier | 10.1.6 |
| prettier | eslint-config-prettier | 10.1.7 |
| alexghr | got-fetch | 5.1.1 |
| alexghr | got-fetch | 5.1.2 |
| prettier | eslint-plugin-prettier | 4.2.2 |
| un-ts | pkgr/core | 0.2.8 |