Ecosystem	Package	Version

Vulnerabilities

sonatype-2025-004106

sonatype-2025-004106

Malicious Packages - Fri Oct 10 2025 [Dropper] [Lazarus]

Published Oct 10, 2025

https://help.sonatype.com/en/sonatype-malware-data.html

CVSS ScoreHigh

8.7

Ecosystem	Package	Version


npm	alert-codestreamer	3.3.4
npm	async-queuelite	1.0.11
npm	auto-es6-ext	0.10.38
npm	auto-regex	4.1.6
npm	bcrypt-js-edge	0.0.1-security
npm	bcrypt-js-edge	3.3.4
npm	bcryptjs-node	3.3.4
npm	bcryptjs-node-js	3.3.4
npm	bcryptjs-nodejs	3.3.4
npm	chai-utils	8.9.8
npm	checking-ip	1.0.0
npm	checking-ips	1.0.0
npm	chunk-logger	3.3.6
npm	cli-color-ext	4.3.9
npm	common-js-support	1.0.0
npm	cookie-logger	3.8.2
npm	cookie-loggers	8.9.8
npm	cookie-loggo	0.0.6
npm	cookie-loggo	0.1.6
npm	cookies-logger	8.9.8
npm	cors-validator	3.1.2
npm	display-notifications	3.3.4
npm	eslint-logger	8.9.8
npm	eslint-plugin-react-purify	3.1.7
npm	eslint-plugin-react-purify	3.1.8
npm	eslint-plugin-react-purify	3.1.9
npm	eslints-logger	8.9.8
npm	filigrean-icon	1.0.0
npm	filigren-icon	1.0.0
npm	filigron-icon	1.0.0
npm	filiogrean-icon	3.23.8
npm	flutchi-log	1.0.0
npm	gatepass	3.3.4
npm	http-err-notification	5.4.12
npm	http-req-logger	5.4.12
npm	httpreslog	1.0.12
npm	husky-logger	3.3.2
npm	husky-logger	3.3.6
npm	husky-logger	3.3.9
npm	icon-sea	1.1.9
npm	ip-checkers	1.0.0
npm	ip-checking	1.0.0
npm	ip-checks	1.0.0
npm	item-box	1.0.19
npm	jnscript	3.1.7
npm	js-notifiers	3.3.4
npm	js-prettier	3.3.4
npm	js-prettier	3.3.5
npm	json-configs	8.9.8
npm	json-confs	8.9.8

sonatype-2025-004106 | Components Impacted | Sonatype Guide | Sonatype Guide