"While typosquatting attacks are hardly new, the effort spent by nefarious actors on these two libraries to pass them off as legitimate is noteworthy," Sonatype's Ax Sharma said in an analysis published Wednesday.
"Furthermore, the high download counts for packages like 'types-node' are signs that point to both some developers possibly falling for these typosquats, and threat actors artificially inflating these counts to boost the trustworthiness of their malicious components."
"Far from being a 'batch' file though, the 'prettier.bat' file is actually a Windows executable (.exe) that has previously been flagged as a trojan and dropper on VirusTotal," Sharma said.
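The mismatch Sharma describes, a file carrying a script extension whose bytes are actually a native executable, is cheap to check for before a package is installed. The following Python is an added example written for this page; it is not Sonatype's tooling or anything from the packages discussed. It inspects file contents for the DOS `MZ` header and the `PE\0\0` signature at the offset stored in `e_lfanew` (0x3C), plus ELF and Mach-O magic, and flags any `.bat`, `.cmd`, `.sh`, `.js` or similar file whose content is a native binary. The sample files, including the minimal PE-shaped blob standing in for `prettier.bat`, are constructed here and are not the real payload.

```python
import os
import struct
from typing import Dict, List, Optional

# Extensions that should contain text, never a compiled executable.
SCRIPT_EXTENSIONS = {".bat", ".cmd", ".sh", ".ps1", ".js", ".mjs", ".ts", ".py"}

# Mach-O magic values, both endiannesses, 32- and 64-bit.
MACHO_MAGIC = {b"\xfe\xed\xfa\xce", b"\xfe\xed\xfa\xcf",
               b"\xce\xfa\xed\xfe", b"\xcf\xfa\xed\xfe"}


def is_pe(data: bytes) -> bool:
    """True if data has a DOS header whose e_lfanew points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def is_elf(data: bytes) -> bool:
    return data[:4] == b"\x7fELF"


def is_macho(data: bytes) -> bool:
    return data[:4] in MACHO_MAGIC


def native_format(data: bytes) -> Optional[str]:
    """Name the native executable format, or None if the bytes look like none of them."""
    if is_pe(data):
        return "Windows PE executable"
    if is_elf(data):
        return "ELF executable"
    if is_macho(data):
        return "Mach-O executable"
    return None


def classify(name: str, data: bytes) -> Optional[str]:
    """Return a finding when a script-extension file actually holds a native binary."""
    ext = os.path.splitext(name)[1].lower()
    if ext not in SCRIPT_EXTENSIONS:
        return None
    fmt = native_format(data)
    if fmt is None:
        return None
    return f"{name}: named as {ext} but content is a {fmt}"


def scan_files(files: Dict[str, bytes]) -> List[str]:
    """Run classify over an in-memory {path: bytes} map; used by the constructed sample below."""
    findings = [classify(name, data) for name, data in files.items()]
    return [f for f in findings if f is not None]


def scan_directory(root: str) -> List[str]:
    """Same check over an unpacked package on disk, e.g. the output of `npm pack` + tar -xzf."""
    found: Dict[str, bytes] = {}
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            path = os.path.join(dirpath, fn)
            with open(path, "rb") as fh:
                found[path] = fh.read(4096)  # headers sit in the first few KB
    return scan_files(found)


def build_fake_pe() -> bytes:
    """Constructed PE-shaped blob (not a real program): 64-byte DOS header, e_lfanew -> 0x40."""
    header = bytearray(b"MZ" + b"\x00" * 0x3E)
    struct.pack_into("<I", header, 0x3C, 0x40)
    return bytes(header) + b"PE\x00\x00" + b"\x00" * 20


# Constructed sample package contents, standing in for a typosquatted package's files.
SAMPLE_FILES: Dict[str, bytes] = {
    "prettier.bat": build_fake_pe(),                       # "batch" file that is really a PE
    "install.bat": b"@echo off\r\nnode index.js\r\n",      # genuine batch script
    "index.js": b"console.log('hello');\n",                # genuine JavaScript
}

if __name__ == "__main__":
    for finding in scan_files(SAMPLE_FILES):
        print(finding)
```

The check keys on content, not on the name the publisher chose, which is the point: a package can call a file whatever it likes, but a Windows loader still needs the `MZ`/`PE` layout to run it. Run `scan_directory` over a freshly unpacked tarball before any install step that would execute a lifecycle script.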
"The npm listing for @typescript_eslinter/eslint, Sonatype's analysis revealed, points to a phony GitHub repository that was set up by an account named 'typescript-eslinter,' which was created on November 29, 2024."