@everreal/react-charts
MAL-2025-191215
npmmalware11/24/2025
Description
Malicious code in @everreal/react-charts (npm)
Indicators of Compromise
SHA256 Hashes (3)
a9752b01711477a086c075e8f80e8d94cc2897ba48628ced8ba9e48c84883f68
c10bcc38c429c991f466a05f9811c0d5c2963366e901b5b8e9f8dbdeb535e3ad
5768b8f3a3e5bd1a30a71e7ec2dccf1b55e7e06c7967fe7f40bb6cd938104716
References (4)
https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSVhttps://github.com/advisories/GHSA-hrrf-hf44-9vv7OSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-hrrf-hf44-9vv7
Quick Actions