VYPR

npm package

color

pkg:npm/color

Malware

3 malicious versions on record

One or more versions of this package have been flagged as containing malicious code. Audit any system that installed an affected version.

Vulnerabilities (1)

  • CVE-2025-59143 | High | Sep 15, 2025
    affected >= 5.0.1, < 5.0.2; fixed 5.0.2

    color is a JavaScript color conversion and manipulation library. On 8 September 2025, the npm publishing account for color was taken over after a phishing attack. Version 5.0.1 was published, functionally identical to the previous patch version, but with a malware payload added a