orbit-boxicons
MAL-2025-190854
npmmalware11/24/2025
Description
Malicious code in orbit-boxicons (npm)
Indicators of Compromise
SHA256 Hashes (3)
b738b9c09b7dc6b9fd5de0bd3a6006ea4931482eaf62228b6837997f0a625b2b
2bafb55d5f4d1082ed8b15fdeefee0570d3d86fe8b2a13bd046fd62abce85c18
54b4da2193e26211c4c08a21d56cfd05b5dd019a4531411e488a5870c6076a8c
References (4)
https://github.com/advisories/GHSA-gj6q-cmmq-vv58OSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-gj6q-cmmq-vv58
Quick Actions