@ensdomains/renewal
MAL-2025-190810
npmmalware11/24/2025
Description
Malicious code in @ensdomains/renewal (npm)
Indicators of Compromise
SHA256 Hashes (4)
883538b98c1520c66d820cf152019f2961c458e1daa61065e6646dea1e14b339
9a66dd3b7f22e60f2047119e09a00f2034cd8c4d1844cad51f9a1c87515274c6
ffd4b1e1d688c97fe7843fd02d560842f60308a980ff6937ecb4a4901e600e22
d79bb913e6b5fc51388a6ea2bfd37dcf2478c927d55c3edc5c52d136b9ed1f7d
References (4)
https://github.com/advisories/GHSA-68rh-g4wj-348gOSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-68rh-g4wj-348g
Quick Actions