@ensdomains/vite-plugin-i18next-loader
MAL-2025-190741
npmmalware11/24/2025
Description
Malicious code in @ensdomains/vite-plugin-i18next-loader (npm)
Indicators of Compromise
SHA256 Hashes (4)
c80441cca25579f7c8502d6480cda21575480d92e3c38e1f7c734e7f87462f21
473280de7d29dd017bfa50f0826a0aa810d204a6949fe49d6753ff28ff61d505
11a4817b3a5204da9e810eb9085dc5121fd8af83c29c8f73d35d22a6f6096809
498cd9e9ace897a76da2cf0a7cbe5bee289608e99e4c3b0e77d5f95423a5dfd8
References (4)
https://github.com/advisories/GHSA-9g7r-9c2x-w9fjOSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-9g7r-9c2x-w9fj
Quick Actions