VYPR

Node Backslash

by Qix

Source repositories

CVEs (1)

  • CVE-2025-59140HigSep 15, 2025
    risk 0.57cvss epss 0.00

    backlash parses collected strings with escapes. On 8 September 2025, the npm publishing account for backslash was taken over after a phishing attack. Version 0.2.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to…