MAL-2025-190871
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@mparpaillon/imagesloaded/MAL-2025-190871.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2025-190871
- Published
- 2025-11-24T16:31:47Z
- Modified
- 2025-12-23T15:48:20.111263Z
- Summary
- Malicious code in @mparpaillon/imagesloaded (npm)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: amazon-inspector (733f9cddc9163f876de6db1b1dab8c6325aa55f34f478662321875c52f242ea4)
The package @mparpaillon/imagesloaded was found to contain malicious code.
- Database specific
{ "malicious-packages-origins": [ { "source": "amazon-inspector", "import_time": "2025-11-24T16:39:52.630444465Z", "sha256": "733f9cddc9163f876de6db1b1dab8c6325aa55f34f478662321875c52f242ea4", "modified_time": "2025-11-24T16:31:47Z", "versions": [ "4.1.2" ] }, { "source": "reversing-labs", "id": "RLMA-2025-06028", "import_time": "2025-12-23T15:07:38.062789372Z", "modified_time": "2025-12-23T07:48:47Z", "sha256": "506e977605745b6dcf2edcfac3bf4e93db53a7e8b954f02ea12ea95cdffbef6d", "versions": [ "4.1.2" ] } ] }- References
-
- https://www.mend.io/blog/shai-hulud-the-second-coming
- https://checkmarx.com/zero-post/shai-huluds-second-coming-npm-malware-attack-evolved
- https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomains
- https://www.veracode.com/blog/return-of-the-shai-hulud-worm
- https://www.reversinglabs.com/blog/another-shai-hulud-npm-worm-is-spreading-heres-what-you-need-to-know
- Credits
-
-
- Amazon Inspector - FINDER
-
- ReversingLabs - FINDER
-
Affected packages
npm / @mparpaillon/imagesloaded
Package
- Name
- @mparpaillon/imagesloaded
- View open source insights on deps.dev
- Purl
- pkg:npm/%40mparpaillon/imagesloaded