PT-2025-37749 · Npm · Is-Arrayish

Informatic · Published 2025-09-08 · Updated 2025-09-20 · CVE-2025-59331

CVSS v4.0: 8.8 High

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:A/U:Red
Name of the Vulnerable Software and Affected Versions

is-arrayish versions prior to 0.3.4

Description

The is-arrayish package was compromised through a phishing attack on an npm publishing account. Version 0.3.3 was published with a malware payload designed to redirect cryptocurrency transactions in browser environments, specifically targeting cryptocurrency wallets such as MetaMask. Local, server, and command-line environments are not affected. The malicious package was removed from the npm registry on September 8th, and new patch versions were published on September 13th to assist with cache-busting.
Recommendations

Update to version 0.3.4 or later. Completely remove the node_modules directory. Clean the package manager's global cache. Rebuild any browser bundles from scratch. Purge the compromised versions from any caches operating on private registries or registry mirrors.

Exploit · Fix · RCE

Weakness Enumeration

Related Identifiers

CVE-2025-59331
GHSA-FRH7-2F84-V9MW
GHSA-HFM8-9JRF-7G9W
MAL-2025-46977

Affected Products

Is-Arrayish