@zapier/browserslist-config-zapier
MAL-2025-190762
npmmalware11/24/2025
Description
Malicious code in @zapier/browserslist-config-zapier (npm)
Indicators of Compromise
SHA256 Hashes (4)
911593a8af4f2dab2b14579f1f1014294cc5d8109cb6e5ee9d7ba33aa7c3fe8b
a5146756159d44339572781661307fc36bb08adb636158ee54628f774506ae47
9db7871e6c9737ce3ba75d2b223265c3f1db6d133f6f8a936105ea867d7941c4
e10048643882817eb78f21680cf3cc9b40014fdede7b4336dbd46998c9abfd01
References (4)
https://github.com/advisories/GHSA-x7fh-q8wq-96rxOSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-x7fh-q8wq-96rx
Quick Actions