@ensdomains/renewal-widget
MAL-2025-190735
npmmalware11/24/2025
Description
Malicious code in @ensdomains/renewal-widget (npm)
Indicators of Compromise
SHA256 Hashes (4)
829d1d59ae69f9302b70416ea10d9af93f698aa766f13bc38c7797b23acdf3dc
727920a0b3da80ce1061cf9557e1d3ef72a90618523b692406438b7150061dad
3edc3409701ab0fbea8680ab9b5be1776b61536d131d8d6e957405b5a8454832
f51b24c6be68fcc7d3a6d5ef82c31772727851241fcc9d9830540fdb9d5d8efc
References (4)
https://github.com/advisories/GHSA-mq34-p89p-8c9hOSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-mq34-p89p-8c9h
Quick Actions