Prettier

registrynpm

package nameprettier

maintainerPrettier Contributors

Prettier is the dominant opinionated code formatter for JavaScript, TypeScript, CSS, and HTML. It is installed in virtually every modern web project and runs as a pre-commit hook, editor plugin, and CI check. It reads all files matching its configured globs.

api usage

Checking Prettier

prettier 3.3.0 is a clean version with no known supply chain compromise. The response returns compromised: false with an empty sources array.

bash

curl "https://api.attestd.io/v1/check?product=prettier&version=3.3.0" \
  -H "Authorization: Bearer YOUR_API_KEY"

json

{
  "product": "prettier",
  "version": "3.3.0",
  "supported": true,
  "risk_state": "none",
  "supply_chain": {
    "compromised": false,
    "sources": [],
    "malware_type": null,
    "description": null,
    "advisory_url": null,
    "compromised_at": null,
    "removed_at": null
  },
  "last_updated": "2026-05-01T00:00:00Z"
}

attack surface

Why this package is monitored

Code formatters with pre-commit hook access run automatically before every commit, with access to staged files. A compromised formatter can read and exfiltrate the full content of any staged file before the commit is recorded.

Attestd monitors prettier using the following detection sources:

registry

Manually curated advisories in the Attestd registry, verified by a human analyst. Confidence 1.0.

osv

OSV.dev malicious-package advisories with IDs prefixed MAL-. Confidence 0.95.

npm_deprecation

npm package versions with deprecation messages containing targeted attack language such as malicious, backdoor, or compromised. Confidence 0.80.

Supply chain overview All npm packages ESLint TypeScript Response fields