Ecosystem	Package	Version

Vulnerabilities

sonatype-2025-004388

sonatype-2025-004388

Malicious Packages - Mon Nov 03 2025 [Dropper]

Published Nov 3, 2025

https://help.sonatype.com/en/sonatype-malware-data.html https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-190513.json https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-192317.json

CVSS ScoreHigh

8.7

Ecosystem	Package	Version


npm	alert-codestreamer	3.3.4
npm	async-queuelite	1.0.11
npm	bcrypt-js-edge	3.3.4
npm	bcryptjs-node	3.3.4
npm	bcryptjs-node-js	3.3.4
npm	bcryptjs-nodejs	3.3.4
npm	bootstrap-flexgrid	1.9.15
npm	bootstrap-setcolor	1.9.15
npm	bootstrap-setcolor	1.9.16
npm	bootstrap-setcolors	1.9.16
npm	bootstrap-setflexcolor	1.9.15
npm	chai-utils	8.9.8
npm	chunk-logger	3.3.6
npm	cookie-logger	3.8.2
npm	cookie-loggers	8.9.8
npm	cookie-loggo	0.0.6
npm	cookie-loggo	0.1.6
npm	cookies-logger	8.9.8
npm	cors-validator	3.1.2
npm	display-notifications	3.3.4
npm	eslint-logger	8.9.8
npm	eslint-plugin-react-purify	3.1.7
npm	eslint-plugin-react-purify	3.1.8
npm	eslint-plugin-react-purify	3.1.9
npm	eslints-logger	8.9.8
npm	gatepass	3.3.4
npm	glowmotion	1.9.7
npm	gridmancer	2.7.4
npm	http-err-notification	5.4.12
npm	http-req-logger	5.4.12
npm	httpreslog	1.0.12
npm	husky-logger	3.3.2
npm	husky-logger	3.3.6
npm	husky-logger	3.3.9
npm	jnscript	3.1.7
npm	js-notifiers	3.3.4
npm	js-prettier	3.3.4
npm	js-prettier	3.3.5
npm	json-configs	8.9.8
npm	json-confs	8.9.8
npm	json-log-stream	1.0.12
npm	jsonchalk	7.4.9
npm	jsonli-conf	8.9.6
npm	jsonlis-conf	8.9.8
npm	jsonlise-conf	8.9.8
npm	jsonloggers	8.9.6
npm	jsonlogs	7.5.6
npm	jsonpino	1.0.2
npm	jsons-logger	8.9.8
npm	jsonskipy	1.0.11

sonatype-2025-004388 | Components Impacted | Sonatype Guide | Sonatype Guide