@quick-start-soft/quick-git-clean-markdown
MAL-2025-190820
npmmalware11/24/2025
Description
Malicious code in @quick-start-soft/quick-git-clean-markdown (npm)
Indicators of Compromise
SHA256 Hashes (4)
9adff2ef0e0f228ddb70b390f0d42390c62cc3714eb27b2014b31b9961c1e7f7
577d17cd2429a5652e40b47820dcf0d2effeaf1de1762f1ee7c8b3c14eeb7cb3
5c8320b1dff6a1083962a40a99d3e75b943d5af39c70d4ba0ecdbe8aaf90597b
4c65c9dcc807d6d82c5eeda5fa9224a35900521f36c91541be62f6e15ee69b36
References (4)
https://github.com/advisories/GHSA-c7cp-2wjp-3vg9OSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-c7cp-2wjp-3vg9
Quick Actions