VDB
KO

MAL-2026-6703

Malicious code in @andes-tools/colors (npm)

Details

--- _-= Per source details. Do not edit below this line.=-_

## Source: ossf-package-analysis (eaa7ebbb428747d4b9b5ef497dd78f0bfe55f843a9ae526feaf96a788f4abdfb) The OpenSSF Package Analysis project identified '@andes-tools/colors' @ 999.0.0 (npm) as malicious.

It is considered malicious because:

- The package communicates with a domain associated with malicious activity.

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / @andes-tools/colors

No fixed version published yet for @andes-tools/colors (npm). Pin to a known-safe version or switch to an alternative.