Ecosystem	Package	Version

Vulnerabilities

sonatype-2025-004119

sonatype-2025-004119

Malicious Packages - Mon Oct 13 2025 [Dropper] [Lazarus]

Published Oct 13, 2025

https://help.sonatype.com/en/sonatype-malware-data.html

CVSS ScoreHigh

8.7

Ecosystem	Package	Version


npm	alert-codestreamer	3.3.4
npm	async-queuelite	1.0.11
npm	auto-es6-ext	0.10.38
npm	auto-regex	4.1.6
npm	bcrypt-js-edge	3.3.4
npm	bcryptjs-node	3.3.4
npm	bcryptjs-node-js	3.3.4
npm	bcryptjs-nodejs	3.3.4
npm	bootstrap-flexgrid	1.9.15
npm	bootstrap-setcolor	1.9.15
npm	bootstrap-setcolor	1.9.16
npm	bootstrap-setcolors	1.9.16
npm	bootstrap-setflexcolor	1.9.15
npm	chai-utils	8.9.8
npm	checking-ip	1.0.0
npm	checking-ips	1.0.0
npm	chunk-logger	3.3.6
npm	cli-color-ext	4.3.9
npm	common-js-support	1.0.0
npm	cookie-logger	3.8.2
npm	cookie-loggers	8.9.8
npm	cookie-loggo	0.0.6
npm	cookie-loggo	0.1.6
npm	cookies-logger	8.9.8
npm	cors-validator	3.1.2
npm	display-notifications	3.3.4
npm	eslint-logger	8.9.8
npm	eslint-plugin-react-purify	3.1.7
npm	eslint-plugin-react-purify	3.1.8
npm	eslint-plugin-react-purify	3.1.9
npm	eslints-logger	8.9.8
npm	filigrean-icon	1.0.0
npm	filigren-icon	1.0.0
npm	filigron-icon	1.0.0
npm	filiogrean-icon	3.23.8
npm	flutchi-log	1.0.0
npm	gatepass	3.3.4
npm	glowmotion	0.0.1-security
npm	glowmotion	1.9.7
npm	gridmancer	0.0.1-security
npm	gridmancer	2.7.4
npm	http-err-notification	5.4.12
npm	http-req-logger	5.4.12
npm	httpreslog	1.0.12
npm	husky-logger	3.3.2
npm	husky-logger	3.3.6
npm	husky-logger	3.3.9
npm	icon-sea	1.1.9
npm	ip-checkers	1.0.0
npm	ip-checking	1.0.0

sonatype-2025-004119 | Components Impacted | Sonatype Guide | Sonatype Guide