@asyncapi/parser
MAL-2025-190640
npmmalware11/24/2025
Description
Malicious code in @asyncapi/parser (npm)
Indicators of Compromise
SHA256 Hashes (4)
58daec6c982800e33901b1072260f4b144aa0b64db38ee45dd9219fe13a654f6
60490138601b88d5bc5b3f5cfb5d6bf7f1c04848429e5aa48c1812ff4c8208e5
9abfa9f66062c9eea55d4397bb42ba3e5c14d63905a4adab4fb940cff0b3734c
fea4ed344f4d1ab39df534d5324b2ccf02c135eb976316b28f22117295d14179
References (4)
https://github.com/advisories/GHSA-wjmr-9cr8-3wgjOSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-wjmr-9cr8-3wgj
Quick Actions