feature-flip
MAL-2025-191091
npmmalware11/24/2025
Description
Malicious code in feature-flip (npm)
Indicators of Compromise
SHA256 Hashes (3)
1d3a90cfc6cc14cf62f81b6f2ca995f00fbff67b1b819ba339516765de278bd2
83174532991b1005c74b76e25b734d60eb0e7f5820c156373fce8945bc16a4d2
70f38090f7d06e2ca6dedee4db704eb48de8c582ee65be6a5142487fba31d1e1
References (4)
https://github.com/advisories/GHSA-wfc8-g67x-27ccOSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-wfc8-g67x-27cc
Quick Actions