Ecosystem	Package	Version

Vulnerabilities

sonatype-2026-000397

sonatype-2026-000397

Malicious Packages - Wed Feb 11 2026 [Lazarus] [Dropper]

Published Feb 11, 2026

https://help.sonatype.com/en/sonatype-malware-data.html

CVSS ScoreHigh

8.7

Ecosystem	Package	Version


npm	argon-node	3.5.7
npm	argon-web3-chain	2.4.5
npm	argonnode	2.4.5
npm	chai-await	2.4.5
npm	chai-await-cli	2.3.5
npm	chai-chain-argon	3.5.7
npm	chai-chain-cognivault	2.3.5
npm	chai-chain-neurograde	2.3.5
npm	chai-chain-sinon	2.4.5
npm	chai-cli	2.4.5
npm	chai-cli-async	3.3.5
npm	chai-cli-await	2.4.5
npm	chai-cli-sinon	2.4.5
npm	chai-promised-plugin	2.3.5
npm	chain-argon	2.4.5
npm	chain-cli-promised	2.3.5
npm	chain-cognivault	2.3.5
npm	chain-coremesh	2.3.5
npm	chain-multer	3.5.7
npm	chain-neurograde	2.4.7
npm	chain-promised	2.3.5
npm	chain-promised-async	3.5.5
npm	chain-promised-await	3.5.5
npm	chain-promised-cli	3.3.5
npm	chain-test-await	2.5.5
npm	charswap	7.2.7
npm	dotenv-cli-node	2.4.5
npm	dotenv-int	3.5.5
npm	dotenv-node-cli	3.3.5
npm	dotenv-node-promised	2.3.5
npm	dotenv-plugin	2.3.5
npm	dotenv-promised	2.3.5
npm	dotenv-xtend	2.5.5
npm	dotenvx-int	3.5.5
npm	dotenvx-node-cli	2.4.5
npm	dotjsenv	1.1.7
npm	dotnetenv	1.1.7
npm	env-extend	2.5.5
npm	js-coauth	7.2.7
npm	js-copack	1.1.7
npm	js-copack	1.1.8
npm	js-copack	7.2.7
npm	js-cotype	4.1.4
npm	js-multer	5.1.7
npm	js-nodecat	1.0.7
npm	js-repack	5.1.0
npm	js-unpack	1.1.7
npm	js-unpack	1.1.8
npm	js-uponcaps	7.2.7
npm	json-getin	7.2.7

sonatype-2026-000397 | Components Impacted | Sonatype Guide | Sonatype Guide