react-native-email
MAL-2025-190996
npmmalware11/24/2025
Description
Malicious code in react-native-email (npm)
Indicators of Compromise
SHA256 Hashes (4)
d4958583cd91bbe56c1fc60889b6baa9106b80cf2ad0edca1b8663eb841bc76d
685a2ceb0fc4b3de8462a07c55626285d47bbb72612a7feac2582a7dbfc2a606
65b2143504a158be854209736cc83efb98f19a171fddaa28f4ccc0214cb09eba
213d85eca55bf76d6d5ed1a0cd0df2dee658bd6628f8295ecf2457dc9f8f6222
References (4)
https://github.com/advisories/GHSA-32m4-hxwx-rh9jOSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-32m4-hxwx-rh9j
Quick Actions