@posthog/nuxt
MAL-2025-190749
npmmalware11/24/2025
Description
Malicious code in @posthog/nuxt (npm)
Indicators of Compromise
SHA256 Hashes (4)
e475b17da9cc625eb62906d0f93266f2657035bdf465eda5eb2a958fbbd45357
935dd114e6907af472225a5c7fb27bf9f36b83117c1e6355228de6b837a124e2
a64f6ee5631c8fccda190c0e222bcddf59392e070bfd9d866869cdf43c38a5d8
fca4c7380e37c76c43126ba18f8abc9a2091a7ec171c4f6e722a4f01d8a3850d
References (4)
https://github.com/advisories/GHSA-mj3m-hmc6-gmpvOSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-mj3m-hmc6-gmpv
Quick Actions