license-o-matic
MAL-2025-191123
npmmalware11/24/2025
Description
Malicious code in license-o-matic (npm)
Indicators of Compromise
SHA256 Hashes (3)
49c52a247d555acb52bb022b38b85269d3d53c968f4702b205402846d92a18b2
b3fd129a621d2b0301bfbf34bd85c53356c530875a9934cf27d640358a20cd81
7ce44db24a3d6b239882af3df83b529d0110d58680c77d244af2553ac9436085
References (4)
https://github.com/advisories/GHSA-x23c-fr3f-x5gvOSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-x23c-fr3f-x5gv
Quick Actions