@voiceflow/eslint-config
MAL-2025-191345
npmmalware11/25/2025
Description
Malicious code in @voiceflow/eslint-config (npm)
Indicators of Compromise
SHA256 Hashes (4)
6802a0818f9658dbcd6f5bc7067d6e19c25cb1ea07e1faed479279ef364e6137
d45f45e150637e1f0987c35542023cd1aa2a7df05c7cfb712bfdcbddcf4e5e66
c4db5527f8a6098b9553e656b50ee1e0fcae45b163917de83299e9e5200ff96f
a9d71b7dfd6c71e17052a1eddfe1f1b7512d7766591b4303ab151b7920eaa2a4
References (4)
https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSVhttps://github.com/advisories/GHSA-8624-gc9h-3mfjOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/25/2025
Aliases
GHSA-8624-gc9h-3mfj
Quick Actions