MAL-2025-190928
See a problem?- Import Source
- https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/zapier-platform-legacy-scripting-runner/MAL-2025-190928.json
- JSON Data
- https://api.osv.dev/v1/vulns/MAL-2025-190928
- Published
- 2025-11-24T16:31:47Z
- Modified
- 2025-11-26T00:07:02.988256Z
- Summary
- Malicious code in zapier-platform-legacy-scripting-runner (npm)
- Details
-
-= Per source details. Do not edit below this line.=-
Source: amazon-inspector (e90298308f4d64cfb41746e3f65bcdbae9f4d790f7db3034608ea5d520aa73cc)
The package zapier-platform-legacy-scripting-runner was found to contain malicious code.
Source: google-open-source-security (47f0f0793f2fc1370ab9709d5803321fe6354cf45f718152f48206354167edcc)
This package was compromised by the Sha1-Hulud: The Second Coming NPM worm. The malicious payload steals tokens and credentials and publishes them to GitHub. The worm will propogate itself to NPM packages the user owns and establish persistence is a GitHub action. The package may also destroy the user's home directory.
- Database specific
{ "malicious-packages-origins": [ { "sha256": "e90298308f4d64cfb41746e3f65bcdbae9f4d790f7db3034608ea5d520aa73cc", "source": "amazon-inspector", "modified_time": "2025-11-24T16:31:47Z", "versions": [ "4.0.3", "4.0.4" ], "import_time": "2025-11-24T16:39:49.155875052Z" }, { "sha256": "47f0f0793f2fc1370ab9709d5803321fe6354cf45f718152f48206354167edcc", "source": "google-open-source-security", "modified_time": "2025-11-25T00:16:49Z", "versions": [ "4.0.2", "4.0.3", "4.0.4" ], "import_time": "2025-11-25T00:17:34.329501Z" } ] }- References
- Credits
-
-
- Amazon Inspector - FINDER
-
Affected packages
npm / zapier-platform-legacy-scripting-runner
Package
- Name
- zapier-platform-legacy-scripting-runner
- View open source insights on deps.dev
- Purl
- pkg:npm/zapier-platform-legacy-scripting-runner