Skip to content

Malware in has-ansi

Malware Published Sep 8, 2025 to the GitHub Advisory Database • Updated Sep 10, 2025

Package

has-ansi (npm)

Affected versions

= 6.0.1

Patched versions

None

Description

Any computer that has this package installed or running should be considered affected by a browser-based interceptor that hijacks network traffic and application APIs. The interceptor injects itself into functions related to web traffic and cryptocurrency wallets. The interceptor replaces values such as wallet addresses in transaction payloads and modifies the UI to hide its activity.

References

Published to the GitHub Advisory Database Sep 8, 2025
Reviewed Sep 8, 2025
Last updated Sep 10, 2025

EPSS score

Weaknesses

Embedded Malicious Code

The product contains code that appears to be malicious in nature. Learn more on MITRE.

GHSA ID

GHSA-jff9-gjh4-j359

Source code

No known source code
Improvements are not currently accepted on this advisory because this package is malware and has no patched versions. If there is something to change, please open an issue at https://github.com/github/advisory-database/issues.