@voiceflow/body-parser
MAL-2025-191336
npmmalware11/25/2025
Description
Malicious code in @voiceflow/body-parser (npm)
Indicators of Compromise
SHA256 Hashes (3)
b72764447ccca9ea7b38caf9be3a943b30ab87ea1f84810cb8e020bc8b7149c4
2c68c62ac5c495065e24bd25451dac9549f074acbca42cfa4263c431b122f20d
27087f99b3b863dae53a7bc93919c6691aa9fb2deb6de5eda5deea916f283686
References (4)
https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSVhttps://github.com/advisories/GHSA-c89h-mw7j-hh48OSV
Details
Ecosystemnpm
Attack Typemalware
Published11/25/2025
Aliases
GHSA-c89h-mw7j-hh48
Quick Actions