Ecosystem	Package	Version

Vulnerabilities

sonatype-2025-007581

sonatype-2025-007581

Malicious Packages - Mon Dec 15 2025 [Dropper] [Lazarus]

Published Dec 16, 2025

https://help.sonatype.com/en/sonatype-malware-data.html

CVSS ScoreHigh

8.7

Ecosystem	Package	Version


npm	bcryptjs-node-js	3.3.6
npm	chai-async-chain	2.4.1
npm	chai-async-chains	2.4.2
npm	chai-async-promised	3.3.5
npm	chai-async-test	3.3.5
npm	chai-async-tests	3.3.5
npm	chai-await-chain	2.4.2
npm	chai-await-chain	2.4.3
npm	chai-await-promised	3.3.5
npm	chai-await-test	2.4.1
npm	chai-chain-async	2.4.3
npm	chai-chains-async	2.4.3
npm	chai-promise-chain	2.4.1
npm	chai-promised-async	3.3.5
npm	chai-promised-await	3.3.5
npm	chai-promised-chain	2.4.2
npm	chai-promised-chains	0.0.1-security
npm	chai-promised-chains	2.4.2
npm	chai-promised-cli	3.3.5
npm	chai-promised-expect	2.4.1
npm	chai-proxy	2.4.2
npm	chai-test-async	3.3.5
npm	chai-test-await	3.3.5
npm	chai-tests-async	3.3.5
npm	chai-tests-await	3.3.5
npm	chain-test-async	3.3.5
npm	cross-sessions	2.4.1
npm	dotenv-embed	3.3.5
npm	dotenv-embedded	3.3.5
npm	dotenv-expanded	3.3.5
npm	dotenv-extend	0.0.1-security
npm	dotenv-extend	3.3.5
npm	dotenv-intend	3.3.5
npm	dotenv-intended	3.3.5
npm	dotenv-mono-cli	3.3.5
npm	dotenv-nodejs	3.3.5
npm	dotenv-plugin	3.3.5
npm	error-fallback	2.4.2
npm	fileupload-core	2.4.3
npm	fileupload-util	2.4.3
npm	fileuploadcore	2.4.3
npm	parse-session	2.4.1
npm	session-expire	2.4.1
npm	session-parse	2.4.1
npm	validator-node	3.3.4

sonatype-2025-007581 | Components Impacted | Sonatype Guide | Sonatype Guide