@hover-design/react
MAL-2025-191227
npmmalware11/24/2025
Description
Malicious code in @hover-design/react (npm)
Indicators of Compromise
SHA256 Hashes (3)
894dbfa4875aca8c9ba8a228a57bc2faeea385e5a799fbf2ab6ef91e60a57138
5df8a829f7050a1ab99c651ea7a080859b93dc2d805087aa96bfb9b499bc010d
50c066ac501de3af9fd156e23b5fb0317b633da301c4cf66b12f2ae8429e0970
References (4)
https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSVhttps://github.com/advisories/GHSA-fvpg-6cfc-hf7rOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/24/2025
Aliases
GHSA-fvpg-6cfc-hf7r
Quick Actions