@asyncapi/generator
MAL-2025-190636
npmmalware11/24/2025
Description
Malicious code in @asyncapi/generator (npm)
Indicators of Compromise
SHA256 Hashes (4)
5c0426c37a66378442886f4b63503a263f38e5172b7ef21b9bd129968b6bcb4b
63359c608231ec06641739879ea8b63b6989462cf0f52e20668b9a1ad27e04c8
532672a3bd1850b463fc09498046f4ed22f696b99a9da452514c4b866508d489
074df24b3cee0a10eed786c44c2bbb0e21e0ede618c9686506504ec843695775
References (4)
https://github.com/advisories/GHSA-9658-p648-rc4qOSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-9658-p648-rc4q
Quick Actions