compare-obj
MAL-2025-190950
npmmalware11/24/2025
Description
Malicious code in compare-obj (npm)
Indicators of Compromise
SHA256 Hashes (4)
3a7310cc13d858af4c2dfc25ec5d42cf6aa52b00dd7fc28ba0ee069a68e7551b
1892ab55a1dcdd44c7f030aef1ae76a865ffffe4b7a0d4a0492696c149db2e4d
0fd6d308339159c38ff213bb81173019906fedf3d4f4acdd5747a7a1b84198c8
a58185cb08a94a7c3c42330c2f085a0722f735a633146531ee084acd89eb8799
References (4)
https://github.com/advisories/GHSA-fmgq-4crf-7q98OSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-fmgq-4crf-7q98
Quick Actions