@asyncapi/generator-components
MAL-2025-190656
npmmalware11/24/2025
Description
Malicious code in @asyncapi/generator-components (npm)
Indicators of Compromise
SHA256 Hashes (4)
f8979c7e0c324a5176bad2972f76ef64aaea7afdbbe7f728586c94682bd0d1ad
5719055be86fb9260cf6b5973a434e721bdd9be14f737de6cbd7ebddac9292ba
3d8870842b3d0e51c4a8e1b27c36bd1800f1fe22cafbaa9caea87b9ddfdf497d
f627fc2ccd3242571f3bc5f3872bef674cde6c2539401724b25294592da5c2a9
References (4)
https://github.com/advisories/GHSA-m6ch-4fxh-v72cOSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-m6ch-4fxh-v72c
Quick Actions