@voiceflow/google-dfes-types
MAL-2025-191351
npmmalware11/25/2025
Description
Malicious code in @voiceflow/google-dfes-types (npm)
Indicators of Compromise
SHA256 Hashes (3)
e530a18ec4a9a1b27638934f3c2d03d5e9f26f9a7fb9c05698f37ce9af03acb0
99de9eb01584a6697b1853c82f8cf0c14960cd59acf51a46da1a70e91dafb2bb
04a5078499c9ba131d593044169dbb0a8f814c085d73c4823872c41430f8fad2
References (4)
https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomainsOSVhttps://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attackOSVhttps://www.stepsecurity.io/blog/sha1-hulud-the-second-coming-zapier-ens-domains-and-other-prominent-npm-packages-compromisedOSVhttps://github.com/advisories/GHSA-3gc8-xqj9-q2gvOSV
Details
Ecosystemnpm
Attack Typemalware
Published11/25/2025
Aliases
GHSA-3gc8-xqj9-q2gv
Quick Actions