malware npm

napi-postinstall

discovered 2025-07-21

napi-postinstall is identified in the SafeDep analysis "eslint-config-prettier Compromised: How npm Package with 30 Million Downloads Spread Malware". A supply chain attack exploiting eslint-config-prettier and other popular npm packages were discovered with major supply chain impact. In this blog, we will explore the details of the hack and the impact it had on the npm ecosystem.

more…

Threat types

other

Malicious versions

0.3.1

Campaigns

eslint-config-prettier Compromiseattributed-to

Indicators

sha256 31204fbbc097677d518e1c01d88cf24b491ef29cc8f56d1ef2b81e5ccc8440e2indicates
sha256 c68e42f416f482d43653f36cd14384270b54b68d6496a8e34ce887687de5b441indicates

Techniques

ttp T1195.001 Supply Chain Compromise: Compromise Software Dependencies and Development Toolsuses
ttp T1059.007 Command and Scripting Interpreter: JavaScriptuses
ttp T1105 Ingress Tool Transferuses
ttp T1546 Event Triggered Executionuses

Read the full analysis →