obj-to-css
MAL-2025-191136
npmmalware11/24/2025
Description
Malicious code in obj-to-css (npm)
Indicators of Compromise
SHA256 Hashes (4)
ada9fa1c509e4ac91c240ba95d3953b53291943071c42aa967d243bd17682078
2f44839b4de1f3250cf91757bded055bfab15cc4ec1d77beb011f9d5db31b073
ae73874ce6fbb3f8c5c8f7ed92b5254aa76f0ff82d5b4413245524a82d21b926
16c28013383e05a71d5da9d3d7c0d685a6355e42251a9527e769061e13ce54bb
References (4)
https://github.com/advisories/GHSA-2hf2-pqrh-ph9rOSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-2hf2-pqrh-ph9r
Quick Actions