parcel-plugin-asset-copier
MAL-2025-190984
npmmalware11/24/2025
Description
Malicious code in parcel-plugin-asset-copier (npm)
Indicators of Compromise
SHA256 Hashes (4)
673f23e65b796cf4a1f8f154217b20f06b26d1f7967750091d901380934e2697
344955077c61592ec46c29550b12878886b0b61f3a7c84e050d6d25756f60bf2
e42728295cc2275c35ab041bfdfdad2142156224d4fbdfd267579151fd88834a
f6145ffe2d6b38dc9026fe85b17a49241195565c7383d70aade358ccd4b991ea
References (4)
https://github.com/advisories/GHSA-48jp-f8c9-6wqqOSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-48jp-f8c9-6wqq
Quick Actions