CVE-2025-54313 PoC — eslint-config-prettier 安全漏洞

Source

https://github.com/nihilor/cve-2025-54313

Associated Vulnerability

Title:eslint-config-prettier 安全漏洞 (CVE-2025-54313)
Description:eslint-config-prettier是Prettier开源的一个应用软件。 eslint-config-prettier 8.10.1版本、9.1.1版本、10.1.6版本和10.1.7版本存在安全漏洞，该漏洞源于嵌入恶意代码，可能导致供应链攻击。

Description

Checks projects for compromised packages, suspicious files, and import statements.

Readme

# cve-2025-54313
Checks projects for compromised packages, suspicious files, and import statements, see [is Supply Chain attack](https://socket.dev/blog/npm-is-package-hijacked-in-expanding-supply-chain-attack)

## How?

Just execute the script in the terminal/console. Consider to install `maple` first.

```sh
npm install -g maple
chmod +x cve-2025-54313.sh
./cve-2025-54313.sh
```

![](cve-2025-54313.png)

## License

GNU GENERAL PUBLIC LICENSE
Version 3, 29 June 2007

Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed. See [LICENSE](./LICENSE)
for details.

File Snapshot


 [4.0K]  /data/pocs/f4109e320816c55c7d09fbf46a37b51326857911
├── [199K]  cve-2025-54313.png
├── [9.2K]  cve-2025-54313.sh
├── [ 34K]  LICENSE
└── [ 700]  README.md

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!