VYPR

npm package

backslash

pkg:npm/backslash

Malware

3 malicious versions on record

One or more versions of this package have been flagged as containing malicious code. Audit any system that installed an affected version.

Vulnerabilities (1)

  • CVE-2025-59140HigSep 15, 2025
    affected >= 0.2.1, < 0.2.2fixed 0.2.2

    backlash parses collected strings with escapes. On 8 September 2025, the npm publishing account for backslash was taken over after a phishing attack. Version 0.2.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to