firestore-search-engine
MAL-2025-191092
npmmalware11/24/2025
Description
Malicious code in firestore-search-engine (npm)
Indicators of Compromise
SHA256 Hashes (3)
601104949ff3e70dee026815cc3a13010451dacedca87a2e15c075e9923a990c
05fb0fa8a5372a89519adb50ba874bbc28a78160a1b0c1f500ac5ddd8363b1b4
d13c5bf9a90c4b5043c0ac86fea67792a3688c2d84fb39eb0f2cf28902fe2e78
References (4)
https://github.com/advisories/GHSA-vpvg-cpgw-q6h8OSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-vpvg-cpgw-q6h8
Quick Actions