@asyncapi/bundler
MAL-2025-190652
npmmalware11/24/2025
Description
Malicious code in @asyncapi/bundler (npm)
Indicators of Compromise
SHA256 Hashes (4)
47d31b4cc36ee8c342471c6a61cc7ad42816f99ba2aa4bc825f7fc26c3b4e119
4772ec7022abe0375835d594a76a518350868bfe4630f4cf472962d4e6bdf2a9
a26a936e53bec6e0462445fb1b1e3c83b6052aab511256becf2f7e6d60906b15
e3e1c10e3b399564fe699536e207576f1afa6e52cef7b72ab40e34ca31896abf
References (4)
https://github.com/advisories/GHSA-g63r-6vp8-gm3jOSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-g63r-6vp8-gm3j
Quick Actions