PURL of wrongly matched component
pkg:npm/eslint-config-prettier@9.1.0
Hello!
Depscan detects vulnerability MAL-2025-6022 in dependency eslint-config-prettier 9.1.0 (purl: pkg:npm/eslint-config-prettier@9.1.0), although the vulnerability exists only in the following versions: 8.10.1, 9.1.1, 10.1.6, and 10.1.7.
Judging by bom.vdr, the feed for this vulnerability is incorrect, as it currently points to the range from version 8.10.1 up to and including 10.1.7:
{"name": "affectedVersionRange","value": "eslint-config-prettier@>=8.10.1-<=10.1.7"}
URLs:
https://osv.dev/vulnerability/MAL-2025-6022
https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/eslint-config-prettier/MAL-2025-6022.json
Depscan findings
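
The mismatch described in this report, as an added example (not depscan's code and not part of the original issue): the range string from bom.vdr is compared against an enumerated version list. `OSV_AFFECTED` is a constructed OSV-style entry holding only the versions the report names, and all function names are hypothetical.

```python
import re

# Value copied from the bom.vdr property quoted in the report.
VDR_RANGE = "eslint-config-prettier@>=8.10.1-<=10.1.7"
# Constructed OSV-style "affected" entry: only the versions named in the report.
OSV_AFFECTED = {
    "package": {"ecosystem": "npm", "name": "eslint-config-prettier"},
    "versions": ["8.10.1", "9.1.1", "10.1.6", "10.1.7"],
}

def parse_purl(purl):
    """Split an unscoped pkg:npm/name@x.y.z purl into (name, version)."""
    m = re.fullmatch(r"pkg:npm/([^@/]+)@(\d+\.\d+\.\d+)", purl)
    if not m:
        raise ValueError(f"unsupported purl: {purl}")
    return m.group(1), m.group(2)

def vtuple(version):
    """Plain x.y.z only; pre-release tags are out of scope for this sketch."""
    return tuple(int(part) for part in version.split("."))

def range_match(purl, vdr_range=VDR_RANGE):
    """Match the way the collapsed range reads: low <= version <= high."""
    name, version = parse_purl(purl)
    m = re.fullmatch(r"(.+)@>=(\d+\.\d+\.\d+)-<=(\d+\.\d+\.\d+)", vdr_range)
    if not m:
        raise ValueError(f"unsupported range: {vdr_range}")
    pkg, low, high = m.groups()
    return name == pkg and vtuple(low) <= vtuple(version) <= vtuple(high)

def exact_match(purl, affected=OSV_AFFECTED):
    """Match only versions that are explicitly enumerated as affected."""
    name, version = parse_purl(purl)
    return name == affected["package"]["name"] and version in affected["versions"]

def false_positives(purls):
    """Components the range flags although no enumerated version matches."""
    return [p for p in purls if range_match(p) and not exact_match(p)]

if __name__ == "__main__":
    # Constructed SBOM components for illustration.
    versions = ("8.10.0", "9.1.0", "9.1.1", "10.1.5", "10.1.7", "10.1.8")
    sbom = [f"pkg:npm/eslint-config-prettier@{v}" for v in versions]
    for purl in false_positives(sbom):
        print("range-only match:", purl)
```

For malicious-package advisories that list discrete releases, every version inside the min-to-max span that is not itself listed becomes a range-only match, which is the 9.1.0 finding reported here.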
