@pruthvi21/use-debounce
MAL-2025-191049
npmmalware11/24/2025
Description
Malicious code in @pruthvi21/use-debounce (npm)
Indicators of Compromise
SHA256 Hashes (3)
9a357f6815a202889d9127a7356875107eeda684055276b7d9f7ebe0732853b7
44ea1f42c1963f30c12706128e93eca47ee4dd8ff4aa4b271a9a72e45c14ba5b
4cd8d11cd0a3abe19ac13cfc1b3bf6a4f1388ac2c6a404090a1264d32de390e8
References (4)
https://github.com/advisories/GHSA-35wh-x8vx-96h3OSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-35wh-x8vx-96h3
Quick Actions