@asyncapi/converter
MAL-2025-190654
npmmalware11/24/2025
Description
Malicious code in @asyncapi/converter (npm)
Indicators of Compromise
SHA256 Hashes (4)
b79b4d90792c3a8df5926407a70010c63bbc18c2551dcfa03a10b7700e3ecb85
391d5e53843731fb634a2f3811928f21e466b64aa48d1383b08f7f3708f603db
17a5cbea7fea784aad3933cba1d2a82a3a4283844747200bb4bb774f657e929a
c1e7e3aa9cb6b9c38379f160c782d961c62e74217466366dd4107163009c472f
References (4)
https://github.com/advisories/GHSA-3cr2-p3pg-xrhwOSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-3cr2-p3pg-xrhw
Quick Actions