Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.
If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!
No longer able to download package after update to 2025.21
-
Hi,
We updates to Proget 2025.21 and a build started failing with this message.
npm error 400 Bad Request - GET https://packages.vicrea.nl/npm/VicreaNpmJs/eslint-config-prettier/-/eslint-config-prettier-9.1.0.tgz - Package is known to contain malicious code.Which is great but it seems all versions of eslint-config-prettier are now blocked although not all are versions actually malicious
https://nvd.nist.gov/vuln/detail/CVE-2025-54313Is this by design or am i missing something?
-
Hi @v-makkenze_6348 ,
This is a regression introduced from ProGet 2025.20's changes to malicious package handling. It's not intentional, and only the specific versions should be blocked (8.10.1, 9.1.1, 10.1.6, 10.1.7)
We'll get it fixed via PG-3227 in the next maintenance release (scheduled for this Friday, but we may do a pre-release sooner). For now your best bet is to rollback to ProGet 2025.19.
Thanks,
Steve