npm

prettier_v2 @3.8.5

Vulnerability report · Last retrieved from osv.dev July 10, 2026 at 1:30 AM UTC

Malicious

OSV ID

MAL-2026-5846

Ecosystem

npm

Summary

Package name 'prettier_v2' closely resembles the widely-used 'prettier' formatter package, raising typosquat concerns. The file lib/mirror.js contains a Buffer.from(..., 'base64').toString('utf8') decode pattern, which is commonly used to hide payload strings or code. Without confirmation of how the decoded content is used (data vs. eval/exec), intent cannot be conclusively determined, but the combination of a confusable package name and obfuscated string handling warrants human review before installation.

Source: amazon-inspector (52d6c46e6d7e7ba0269dbb3d9725b5943d1b4b94ac2587a5738983cb93d8e1cf)

Protect your entire dependency tree

Scan your lock files automatically on every PR. Block malicious packages before they reach production.