Informatic

**Name of the Vulnerable Software and Affected Versions** backslash versions prior to 0.2.2 **Description** The `backslash` npm package was compromised through a phishing attack on the publishing account. Version 0.2.1 was published with a malicious payload designed to redirect cryptocurrency transactions from browser environments to the attacker's addresses. Environments not utilizing the package in a browser context, such as local, server, and command-line applications, are not affected. The malware specifically targets cryptocurrency transactions and wallets like MetaMask. The malicious package was removed from the npm registry on September 8, 2025, and new patch versions were published on September 13, 2025, to address caching issues in private registries. **Recommendations** Upgrade to version 0.2.2 or later. Completely remove the `node modules` directory. Clean the package manager's global cache. Rebuild any browser bundles from scratch. Purge the compromised versions from caches on private registries or registry mirrors.

**Name of the Vulnerable Software and Affected Versions** simple-swizzle version 0.2.3 simple-swizzle versions prior to 0.2.4 **Description** The npm publishing account for simple-swizzle was compromised following a phishing attack. Version 0.2.3 was published with a malware payload designed to redirect cryptocurrency transactions within browser environments. Local, server, and command-line environments are not affected. The malware specifically targets cryptocurrency transactions and wallets such as MetaMask. **Recommendations** Update to version 0.2.4. Completely remove the `node modules` directory. Clean the package manager's global cache. Rebuild any browser bundles from scratch. Purge the compromised versions from any private registries or registry mirrors.

**Name of the Vulnerable Software and Affected Versions** color versions 5.0.1 **Description** The npm publishing account for color was taken over following a phishing attack. Version 5.0.1 was published with a malware payload designed to redirect cryptocurrency transactions from within browser environments. Local, server, and command-line environments are not affected. The malware specifically targets cryptocurrency transactions and wallets such as MetaMask. **Recommendations** Update to version 5.0.2. Completely remove the `node modules` directory. Clean the package manager's global cache. Rebuild any browser bundles from scratch. Purge the compromised versions from any caches if operating private registries or registry mirrors.

**Name of the Vulnerable Software and Affected Versions** error-ex versions prior to 1.3.4 **Description** The error-ex npm package was compromised through a phishing attack resulting in the publication of version 1.3.3 containing a malware payload. This malware targets cryptocurrency transactions and wallets, such as MetaMask, within browser environments. Local, server, and command line environments are not affected. The malicious package was removed from the npm registry on September 8, 2025. The attacker attempted to redirect cryptocurrency transactions to their own addresses. Approximately an unknown number of devices using the compromised package in a browser context may have been affected. **Recommendations** Update to version 1.3.4. Completely remove the node modules directory. Clean the package manager's global cache. Rebuild any browser bundles from scratch. Purge the offending versions from any caches if operating private registries or registry mirrors.

**Name of the Vulnerable Software and Affected Versions** is-arrayish versions prior to 0.3.4 **Description** The `is-arrayish` package was compromised through a phishing attack on an npm publishing account. Version 0.3.3 was published with a malware payload designed to redirect cryptocurrency transactions in browser environments, specifically targeting cryptocurrency wallets such as MetaMask. Local, server, and command-line environments are not affected. The malicious package was removed from the npm registry on September 8th, and new patch versions were published on September 13th to assist with cache-busting. **Recommendations** Update to version 0.3.4 or later. Completely remove the `node modules` directory. Clean the package manager's global cache. Rebuild any browser bundles from scratch. Purge the compromised versions from any caches operating on private registries or registry mirrors.

**Name of the Vulnerable Software and Affected Versions** color-name versions prior to 2.0.2 **Description** An npm publishing account for color-name was taken over following a phishing attack. Version 2.0.1 was published with a malware payload designed to redirect cryptocurrency transactions to the attacker's addresses within browser environments. Local, server, and command-line environments are not affected. The malware specifically targets cryptocurrency transactions and wallets such as MetaMask. **Recommendations** Update to version 2.0.2. Completely remove the `node modules` directory. Clean the package manager's global cache. Rebuild any browser bundles from scratch. Purge the compromised versions from any private registries or registry mirrors.