@trigo/eslint-config-trigo
MAL-2025-190684
npmmalware11/24/2025
Description
Malicious code in @trigo/eslint-config-trigo (npm)
Indicators of Compromise
SHA256 Hashes (4)
d6bc2da54cb42e905659571935f6f5e3371052a564b5dabdf468ecdbffc64b28
f323ad76d021234c96924ded9095572d18be962e0c71fb9cfbeb1fa43079e961
fbcdfebaa28adf736e6653ea11d8dce92c749dbd1a6d4e48298873f62d1ae5d1
df65de0cd431b7d9915c1ddb068160aa9671d89471cbdc8ab55fdf80baebdaab
References (4)
https://github.com/advisories/GHSA-v5mg-qxxx-3jxxOSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-v5mg-qxxx-3jxx
Quick Actions