@orbitgtbelgium/mapbox-gl-draw-cut-polygon-mode
MAL-2025-191045
npmmalware11/24/2025
Description
Malicious code in @orbitgtbelgium/mapbox-gl-draw-cut-polygon-mode (npm)
Indicators of Compromise
SHA256 Hashes (3)
935c4280af1bdaf47d975466c787d95cc5ccbe0576978cf7e1c3ea0694eb7de4
d759857ebf67d81997556e0b34b1e4423f033aadc46d9aa856c5b81fb9b1c75d
fd6b81efa112c215fc1db9c23a7808a0d8613c693b7e60a8e988a360a5f1fb54
References (4)
https://github.com/advisories/GHSA-rr3j-7qx6-m8gvOSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-rr3j-7qx6-m8gv
Quick Actions