npm package
simple-swizzle
pkg:npm/simple-swizzle
Malware
3 malicious versions on record
One or more versions of this package have been flagged as containing malicious code. Audit any system that installed an affected version.
- GHSA-9g9j-rggx-7fmgsimple-swizzle@0.2.3 contains malware after npm account takeoverSep 15, 2025
- MAL-2025-46978Malicious code in simple-swizzle (npm)Sep 8, 2025
- GHSA-wwpx-h6g5-c7x6Duplicate Advisory: Malware in simple-swizzleSep 8, 2025
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-59141 | Hig | — | >= 0.2.3, < 0.2.4 | 0.2.4 | Sep 15, 2025 | simple-swizzle swizzles function arguments. On 8 September 2025, the npm publishing account for simple-swizzle was taken over after a phishing attack. Version 0.2.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to |
- affected >= 0.2.3, < 0.2.4fixed 0.2.4
simple-swizzle swizzles function arguments. On 8 September 2025, the npm publishing account for simple-swizzle was taken over after a phishing attack. Version 0.2.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to