PT-2025-37745 · Npm · Color

Informatic · Published 2025-09-08 · Updated 2025-09-20 · CVE-2025-59143

CVSS v4.0: 8.8 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:A/U:Red

Name of the Vulnerable Software and Affected Versions

color version 5.0.1

Description

The npm publishing account for color was taken over following a phishing attack. Version 5.0.1 was published with a malware payload designed to redirect cryptocurrency transactions from within browser environments. Local, server, and command-line environments are not affected. The malware specifically targets cryptocurrency transactions and wallets such as MetaMask.

Recommendations

Update to version 5.0.2. Completely remove the node modules directory. Clean the package manager's global cache. Rebuild any browser bundles from scratch. Purge the compromised versions from any caches if operating private registries or registry mirrors.
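
To decide which projects need the cleanup above, a parsed package-lock.json can be checked for the affected release. The following is an added example, not part of the advisory or the color project; it assumes the npm lockfile layout (a flat "packages" map in lockfile v2/v3, a nested "dependencies" tree in v1), and the sample lockfile and the names demo-app, chart-lib and tint are constructed for illustration.

```javascript
// Added example: find installs of the release named in this advisory in a parsed npm lockfile.
const COMPROMISED = { name: 'color', version: '5.0.1' }; // package and version from the advisory

// Lockfile v2/v3: flat "packages" map keyed by install path.
function scanPackages(packages, bad) {
  const hits = [];
  for (const [path, entry] of Object.entries(packages || {})) {
    if (path === '') continue; // root project entry
    // Aliased installs carry the real package name in entry.name; otherwise use the path tail.
    const i = path.lastIndexOf('node_modules/');
    const name = entry.name || (i >= 0 ? path.slice(i + 'node_modules/'.length) : path);
    if (name === bad.name && entry.version === bad.version) hits.push(path);
  }
  return hits;
}

// Lockfile v1: nested "dependencies" tree keyed by package name.
function scanDependencies(deps, bad, trail = []) {
  const hits = [];
  for (const [name, entry] of Object.entries(deps || {})) {
    const here = [...trail, name];
    if (name === bad.name && entry.version === bad.version) hits.push(here.join(' > '));
    hits.push(...scanDependencies(entry.dependencies, bad, here));
  }
  return hits;
}

// v2 lockfiles contain both sections; "packages" is the authoritative one when present.
function findCompromised(lock, bad = COMPROMISED) {
  return lock.packages
    ? scanPackages(lock.packages, bad)
    : scanDependencies(lock.dependencies, bad);
}

// Constructed sample lockfile: a fixed top-level copy, a nested affected copy,
// an unrelated similarly named package, and an aliased affected install.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/color': { version: '5.0.2' },
    'node_modules/chart-lib/node_modules/color': { version: '5.0.1' },
    'node_modules/color-name': { version: '2.0.0' },
    'node_modules/tint': { name: 'color', version: '5.0.1' },
  },
};

console.log(findCompromised(sampleLock));
```

For a real project, pass the result of JSON.parse on the contents of package-lock.json to findCompromised. An empty result covers the lockfile only; caches, registry mirrors and already-built browser bundles still need the steps listed in the recommendations.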

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2025-59143
GHSA-J8FV-6X8P-P766
GHSA-QRMH-QG46-72PP
MAL-2025-46985

Affected Products

Color