MAL-2025-48977: Malicious code in airbnb-base-typescript-prettier (npm)

October 29, 2025 (updated October 30, 2025)

This malicious package was published during the PhantomRaven NPM campaign. The malicious payload steals tokens and credentials.

References

github.com/advisories/GHSA-48mw-hp6v-cxmr
github.com/advisories/MAL-2025-48977
www.koi.ai/blog/phantomraven-npm-malware-hidden-in-invisible-dependencies

Code Behaviors & Features

Detect and mitigate MAL-2025-48977 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →