Ecosystem	Package	Version

Vulnerabilities

sonatype-2025-007418

sonatype-2025-007418

Malicious Packages - Thu Nov 27 2025 [Backdoor]

Published Dec 4, 2025

https://help.sonatype.com/en/sonatype-malware-data.html https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-192008.json https://osv-vulnerabilities.storage.googleapis.com/npm/MAL-2025-192148.json

CVSS ScoreHigh

8.7

Ecosystem	Package	Version


npm	elf-stats-cocoa-northstar-632	1.0.0
npm	elf-stats-snowy-train-725	1.0.0
npm	elf-stats-starlit-rocket-905	1.0.0

sonatype-2025-007418 | Components Impacted | Sonatype Guide | Sonatype Guide