@asyncapi/generator-helpers
MAL-2025-190657
npmmalware11/24/2025
Description
Malicious code in @asyncapi/generator-helpers (npm)
Indicators of Compromise
SHA256 Hashes (4)
6c55b498d8766225c87bc5781438ffe36f84333b8bb731069bb0bac726cb6b3e
1fb4a795f9e4f1dc8304d727b4b4a4b6d4024952675eb497e79b9f78fa2b96ca
f8004b054d45a6f08280a93c7be997f099739cdc3a8311a35d9976efd619b1c4
eaf9598bd0d64189828293050c590d3885311537cef7b91153a0df8cef9489f4
References (4)
https://github.com/advisories/GHSA-gw3q-hxvp-x7vmOSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-gw3q-hxvp-x7vm
Quick Actions