react-hook-form-persist
MAL-2025-190990
npmmalware11/24/2025
Description
Malicious code in react-hook-form-persist (npm)
Indicators of Compromise
SHA256 Hashes (4)
30f83e1a29da00c032f15c6db87d12f237e3580a82086afdb71b2a62271371c7
8030e410dc71e9603bb5e1f5ca4c460699bd132a6e5920a1419aedd71ff2c560
4b2b047efb74164cc4ce67a2c38eb9bcdaef363671d90c38c13e236ec90f4ce4
47ab6f44036534845a43d1d7d5ea6733f66bad6cf2321e4668265a9ee08d82d0
References (4)
https://github.com/advisories/GHSA-r36f-rrrf-m64gOSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-r36f-rrrf-m64g
Quick Actions