@ensdomains/durin
MAL-2025-190930
npmmalware11/24/2025
Description
Malicious code in @ensdomains/durin (npm)
Indicators of Compromise
SHA256 Hashes (3)
1905c60405fab449591278c2391d696e1cefe345b08563f125bff00fcc9daff4
a7dcacde55c5201c366d199c830f210e3b126c9d1569c7c9a169bf40f8a3e13f
0f76cb23f974f6874e07378aa90337f94aae98f72b7472a50fbcadb043fb73cf
References (4)
https://github.com/advisories/GHSA-2g6v-5mhh-wxgfOSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-2g6v-5mhh-wxgf
Quick Actions