eslint-config-trigo
MAL-2025-190695
npmmalware11/24/2025
Description
Malicious code in eslint-config-trigo (npm)
Indicators of Compromise
SHA256 Hashes (3)
7981c047527e4772159fc44246b03d487837c6cc3e22a95d9a84c5347a00b95e
715567b8ffcce461fdad7a03986cd0ca9569785f6a0dcfad594a041fce4c88bb
b217c2ac047109f88c1d10226390c0a7e36dfa6f8794c9f0aa3a32d10036a3d2
References (4)
https://github.com/advisories/GHSA-c6m7-g9xj-wvppOSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-c6m7-g9xj-wvpp
Quick Actions