npm package
lodahs
pkg:npm/lodahs
Malware
1 malicious version on record
One or more versions of this package have been flagged as containing malicious code. Audit any system that installed an affected version.
- MAL-2025-25502Malicious code in lodahs (npm)Aug 14, 2025
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-19771 | — | >= 0.0.1 | — | Dec 12, 2019 | The lodahs package 0.0.1 for Node.js is a Trojan horse, and may have been installed by persons who mistyped the lodash package name. In particular, the Trojan horse finds and exfiltrates cryptocurrency wallets. |
- CVE-2019-19771Dec 12, 2019affected >= 0.0.1
The lodahs package 0.0.1 for Node.js is a Trojan horse, and may have been installed by persons who mistyped the lodash package name. In particular, the Trojan horse finds and exfiltrates cryptocurrency wallets.