prettier_v2 @3.8.5
Vulnerability report · Last retrieved from osv.dev July 10, 2026 at 1:30 AM UTC
OSV ID
MAL-2026-5846
Ecosystem
npm
Summary
Package name 'prettier_v2' closely resembles the widely-used 'prettier' formatter package, raising typosquat concerns. The file lib/mirror.js contains a Buffer.from(..., 'base64').toString('utf8') decode pattern, which is commonly used to hide payload strings or code. Without confirmation of how the decoded content is used (data vs. eval/exec), intent cannot be conclusively determined, but the combination of a confusable package name and obfuscated string handling warrants human review before installation.
Source: amazon-inspector (52d6c46e6d7e7ba0269dbb3d9725b5943d1b4b94ac2587a5738983cb93d8e1cf)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.