@hover-design/core
MAL-2025-191226
npmmalware11/24/2025
Description
Malicious code in @hover-design/core (npm)
Indicators of Compromise
SHA256 Hashes (3)
a0580fc58ad53fb1a9e44fe6bd6c8a24c73a238dff743c9819efa2e552253afc
72f88bf2576fe8f69143e5039a3ba4f33b8bf99e7d150be29c8672252fb96d26
b03af3ac7b52b07f33bbcc22eb9afad4255a3c9c5f5ce300953bbedb4193751e
References (4)
https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSVhttps://github.com/advisories/GHSA-ggpx-9h3v-5mmmOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-ggpx-9h3v-5mmm
Quick Actions