webpack-loader-httpfile
MAL-2025-191154
npmmalware11/24/2025
Description
Malicious code in webpack-loader-httpfile (npm)
Indicators of Compromise
SHA256 Hashes (3)
4a6ac38a2a1d2e2087e3155fce55aa949ffebf61e52918f9171409832b0e4c4d
a474d64040ac4e8d1180ef80a0c2e05c3c6d921b6a485785b98c48d0b83814f1
dac614016dd648eebd83cab4f9c04585d52439a98b69d5e02694cb48119dfd96
References (4)
https://github.com/advisories/GHSA-4j6q-7396-655gOSVhttps://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-4j6q-7396-655g
Quick Actions