@posthog/clickhouse
MAL-2025-190945
npmmalware11/24/2025
Description
Malicious code in @posthog/clickhouse (npm)
Indicators of Compromise
SHA256 Hashes (3)
feeaa10a864684274d993ef940dd92cdcda023ba75680588c31f515eca5d0afe
ab67710c7cf24d338618be2ab087d4c3b27117879492e29334b31cd0328e171a
0c2e2871faa55dcedc21bb4e212b945597d00a05e3de96ddacdd68d1740fe5b7
References (4)
https://github.com/advisories/GHSA-h33f-hhfm-c5wvOSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-h33f-hhfm-c5wv
Quick Actions