@lessondesk/api-client
MAL-2025-191026
npmmalware11/24/2025
Description
Malicious code in @lessondesk/api-client (npm)
Indicators of Compromise
SHA256 Hashes (4)
eb4c432835769d5308b4bed2f30d7b573203db24e9bcc9f3ea65836fc7b5a222
47de668df68182ec50804aab291af092c06d29199ec76a7bfe3168690996291f
69a146ca02c94dfe693ace1fc3260bb00f55d54d96a07c56ec184335f8a21e75
8c812dd964064f404443160aac0a9fddb5dccef95ecfb131a074fcf7176bd49f
References (4)
https://github.com/advisories/GHSA-jm29-mp7p-fqqxOSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-jm29-mp7p-fqqx
Quick Actions