esbuild-plugin-eta
MAL-2025-190840
npmmalware11/24/2025
Description
Malicious code in esbuild-plugin-eta (npm)
Indicators of Compromise
SHA256 Hashes (3)
ce85a550a897cb3f488103c8f681939113e2d9a27f2404395153d3348a5c002f
eee6c2c46a6a594f389aa85580f033eb39c879f80478d3cca6d746bd8f8afe21
ae0c5f80b6a0d92c3cc6afc1a46b2705d4a3b6c9c53794f6c97008349cf3a944
References (4)
https://github.com/advisories/GHSA-hf85-hfqr-63pmOSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-hf85-hfqr-63pm
Quick Actions