@commute/market-data-chartjs
MAL-2025-191209
npmmalware11/25/2025
Description
Malicious code in @commute/market-data-chartjs (npm)
Indicators of Compromise
SHA256 Hashes (3)
31a62bf4bf9be5879c467660cd04be36044cce4faaa3e45491ebd693569dddf7
a6294b783dfe95b3b4e54aebbf97609bf86fe58452bd292a5a53e4764c8abba0
e906d8b501e2641730640922fb6196f422637e4fa3c7eb6e5823dc3f6301026c
References (4)
https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSVhttps://github.com/advisories/GHSA-99gc-8v36-q594OSV
Details
Ecosystemnpm
Attack Typemalware
Published11/25/2025
Aliases
GHSA-99gc-8v36-q594
Quick Actions