@trigo/atrix
MAL-2025-190677
npmmalware11/24/2025
Description
Malicious code in @trigo/atrix (npm)
Indicators of Compromise
SHA256 Hashes (4)
305ce62c26f6bb221f9779da6dd55b49fd970a1bf8939a813a5951bb2e4f5a07
558f6feeb49a87304641f2c0c9925edfed565c25407412c22ec77f6dd814dc4f
5ec228bb77b5ac692402ba1696ad24fa50c41ca50b79ecdfd7191f72ad9962e4
918c5bb353218948fa182f06c41abfe6e8c1993424a4591870245b3b2dac3060
References (4)
https://github.com/advisories/GHSA-gp55-5fcm-xvp9OSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-gp55-5fcm-xvp9
Quick Actions