@alexcolls/nuxt-socket.io
MAL-2025-191185
npmmalware11/25/2025
Description
Malicious code in @alexcolls/nuxt-socket.io (npm)
Indicators of Compromise
SHA256 Hashes (3)
f5926d1c7228dbdc3c91f5f7c192f742997284e9e8276ae713748d14a9e0de9c
39e79cb62aefe23649f418c21167f8eb9459f2205a9f135905fa2a23761a4fdd
2dee0cebdac319dea5d5f8c78c0d15431297789499f8e486729175fffb7c4f91
References (4)
https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSVhttps://github.com/advisories/GHSA-q564-hpqp-4cmgOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/25/2025
Aliases
GHSA-q564-hpqp-4cmg
Quick Actions