Supply Chain Sabotage: npm Linter Tools Hijacked via Targeted Phishing Attack
Popular JavaScript packages such as eslint-config-prettier, with over 30 million weekly downloads, were compromised after a maintainer fell victim to a phishing scheme, resulting in malware-infected versions that targeted Windows systems. This incident underscores the escalating threat of supply chain attacks in open-source ecosystems and highlights critical security gaps for developers.