PT-2025-37760 · Npm · Color-Name

Informatic · Published 2025-09-08 · Updated 2026-06-15 · CVE-2025-59145

CVSS v4.0: 8.8 High

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:A/U:Red
Name of the Vulnerable Software and Affected Versions

color-name versions prior to 2.0.2

Description

An npm publishing account for color-name was taken over following a phishing attack. Version 2.0.1 was published with a malware payload designed to redirect cryptocurrency transactions to the attacker's addresses within browser environments. Local, server, and command-line environments are not affected. The malware specifically targets cryptocurrency transactions and wallets such as MetaMask.

Recommendations

Update to version 2.0.2. Completely remove the node_modules directory. Clean the package manager's global cache. Rebuild any browser bundles from scratch. Purge the compromised versions from any private registries or registry mirrors.
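Added example (not part of the original advisory or of the color-name project): a check that finds the version 2.0.1 named above in a parsed package-lock.json, covering both the flat "packages" map of lockfile versions 2 and 3 and the nested "dependencies" tree of lockfile version 1. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: find installs of the compromised color-name release in an npm lockfile.
const COMPROMISED = { name: "color-name", versions: ["2.0.1"] }; // version named in this advisory

// lockfileVersion 2/3: flat "packages" map keyed by install path,
// e.g. "node_modules/chalk/node_modules/color-name".
function scanPackages(packages) {
  const found = [];
  for (const [path, meta] of Object.entries(packages || {})) {
    const name = meta.name || path.split("node_modules/").pop();
    if (name === COMPROMISED.name && COMPROMISED.versions.includes(meta.version)) {
      found.push({ path, version: meta.version });
    }
  }
  return found;
}

// lockfileVersion 1: nested "dependencies" tree, walked recursively.
function scanDependencies(deps, trail = []) {
  const found = [];
  for (const [name, meta] of Object.entries(deps || {})) {
    const here = [...trail, name];
    if (name === COMPROMISED.name && COMPROMISED.versions.includes(meta.version)) {
      found.push({ path: here.join(" > "), version: meta.version });
    }
    found.push(...scanDependencies(meta.dependencies, here));
  }
  return found;
}

function findCompromised(lock) {
  // v2 lockfiles carry both sections; prefer "packages" to avoid double counting.
  return lock.packages ? scanPackages(lock.packages) : scanDependencies(lock.dependencies);
}

// Constructed sample lockfile (not from a real project). color-convert 2.0.1
// shares the version string but is a different package and must not match.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/color-convert": { version: "2.0.1" },
    "node_modules/color-name": { version: "2.0.2" },
    "node_modules/color-convert/node_modules/color-name": { version: "2.0.1" },
  },
};
console.log(findCompromised(sampleLock));
```

Pass it the result of JSON.parse on each project's package-lock.json; any hit means the recommendations above apply to that project and to every browser bundle built from it.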

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2026-07577
CVE-2025-59145
GHSA-5FVM-P68V-5WMH
GHSA-M99C-CFWW-CXQX
MAL-2025-46972

Affected Products

Color-Name