@faq-component/react
MAL-2025-191219
npmmalware11/24/2025
Description
Malicious code in @faq-component/react (npm)
Indicators of Compromise
SHA256 Hashes (3)
39f07549ff3c70d20be5bf9cdc80b5abc3c05e025ce9ea31f4db3a4ac75d8208
f63bdf3e1b915cc7beae30570f83377e9bb8d2ad3e44b37bc482677dd1c210c0
df586e32692cea34139ba733463bcb3c3a81b1b84779c4e66806ed029046ab99
References (4)
https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSVhttps://github.com/advisories/GHSA-9vh3-2c3x-mw47OSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-9vh3-2c3x-mw47
Quick Actions