VYPR

npm package

is-arrayish

pkg:npm/is-arrayish

Malware

3 malicious versions on record

One or more versions of this package have been flagged as containing malicious code. Audit any system that installed an affected version.

Vulnerabilities (1)

  • CVE-2025-59331HigSep 15, 2025
    affected >= 0.3.3, < 0.3.4fixed 0.3.4

    is-arrayish checks if an object can be used like an Array. On 8 September 2025, an npm publishing account for is-arrayish was taken over after a phishing attack. Version 0.3.3 was published, functionally identical to the previous patch version, but with a malware payload added at