Npm · Color-String · CVE-2025-59142
**Name of the Vulnerable Software and Affected Versions**
color-string version 2.1.1
**Description**
The npm publishing account for color-string was compromised following a phishing attack. Version 2.1.1 was published with a malicious payload designed to redirect cryptocurrency transactions within browser environments. The malware specifically targets cryptocurrency transactions and wallets such as MetaMask. Local, server, and command-line environments are not affected.
**Recommendations**
Update to version 2.1.2.
Completely remove the `node_modules` directory.
Clean the package manager's global cache.
Rebuild any browser bundles from scratch.
Purge the compromised versions from any private registry caches.
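
The following JavaScript is an added example, not part of the original advisory. It scans a parsed `package-lock.json` for the affected color-string 2.1.1, which is useful before and after the cleanup steps above. The function name `findCompromised` and both sample lockfiles are constructed for illustration.

```javascript
// Added example: locate the compromised release in a parsed package-lock.json.
const COMPROMISED = { name: "color-string", version: "2.1.1" }; // from the advisory

function findCompromised(lock) {
  const hits = [];
  const isBad = (name, meta) =>
    name === COMPROMISED.name && meta.version === COMPROMISED.version;

  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path.
    for (const [path, meta] of Object.entries(lock.packages)) {
      // npm records "name" when it differs from the folder (aliased installs).
      const name = meta.name || path.split("node_modules/").pop();
      if (isBad(name, meta)) hits.push(path);
    }
    return hits;
  }
  // lockfileVersion 1: nested "dependencies" tree.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = [...trail, name];
      if (isBad(name, meta)) hits.push(here.join(" > "));
      walk(meta.dependencies, here);
    }
  };
  walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfiles (not taken from any real project).
const SAMPLE_V3 = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/color-string": { version: "2.1.2" },
    "node_modules/color/node_modules/color-string": { version: "2.1.1" },
    "node_modules/cs-alias": { name: "color-string", version: "2.1.1" },
  },
};
const SAMPLE_V1 = {
  lockfileVersion: 1,
  dependencies: {
    color: { version: "5.0.0", dependencies: { "color-string": { version: "2.1.1" } } },
    "color-string": { version: "2.1.2" },
  },
};

console.log(findCompromised(SAMPLE_V3));
console.log(findCompromised(SAMPLE_V1));
```

Pass it the result of `JSON.parse` on your own lockfile; an empty array means no entry resolves to the affected version. Transitive copies nested under other packages are reported too, which is why a top-level update alone may not be enough.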