npm package
error-ex
pkg:npm/error-ex
Malware
3 malicious versions on record
One or more versions of this package have been flagged as containing malicious code. Audit any system that installed an affected version.
- GHSA-6jp5-hh4c-8c5herror-ex@1.3.3 contains malware after npm account takeoverSep 15, 2025
- MAL-2025-46975Malicious code in error-ex (npm)Sep 8, 2025
- GHSA-5g7q-qh7p-jjvmDuplicate Advisory: Malware in error-exSep 8, 2025
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-59330 | Hig | — | >= 1.3.3, < 1.3.4 | 1.3.4 | Sep 15, 2025 | error-ex allows error subclassing and stack customization. On 8 September 2025, an npm publishing account for error-ex was taken over after a phishing attack. Version 1.3.3 was published, functionally identical to the previous patch version, but with a malware payload added attem |
- affected >= 1.3.3, < 1.3.4fixed 1.3.4
error-ex allows error subclassing and stack customization. On 8 September 2025, an npm publishing account for error-ex was taken over after a phishing attack. Version 1.3.3 was published, functionally identical to the previous patch version, but with a malware payload added attem