@asyncapi/specs
MAL-2025-190643
npmmalware11/24/2025
Description
Malicious code in @asyncapi/specs (npm)
Indicators of Compromise
SHA256 Hashes (4)
5715faf8c80acf7c963aac8c332a2cffed06a23ca9663a2fdcb6fd11be4325e9
46e1904e729f9b51f22f0c24624af6ce0bfa9e7a02a0968c15469cd5ba665c2f
a7b05e7569027761c2ee32b0fa3f8d78a0246e62d32cb441512e6ef080bd4f7a
938ab70c817e26ed594a554747f21aa339e5a01f3daf999dead6c94fd2289490
References (4)
https://github.com/advisories/GHSA-5jj9-3vg7-7785OSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-5jj9-3vg7-7785
Quick Actions