VYPR

npm package

simple-swizzle

pkg:npm/simple-swizzle

Malware

3 malicious versions on record

One or more versions of this package have been flagged as containing malicious code. Audit any system that installed an affected version.

Vulnerabilities (1)

  • CVE-2025-59141HigSep 15, 2025
    affected >= 0.2.3, < 0.2.4fixed 0.2.4

    simple-swizzle swizzles function arguments. On 8 September 2025, the npm publishing account for simple-swizzle was taken over after a phishing attack. Version 0.2.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to