AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks
The largest incident yet is a warning that developers should urgently check package security, say experts.
Mini Shai-Hulud Strikes Again: 314 npm Packages Compromised
safedep.ioA compromised npm maintainer account published 631 malicious versions across 314 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.
AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks
The largest incident yet is a warning that developers should urgently check package security, say experts.
Hackers have compromised dozens of popular open source packages in an ongoing supply chain attack | TechCrunch
The attacks are part of a wider campaign known as Mini Shai-Hulud, which has already compromised several open source projects and, in turn, developers and companies that use them.
Mini Shai-Hulud returns, compromising hundreds of npm packages
The resilient worm is again sweeping through npm repositories, stealing developer credentials and planting backdoors that survive package removal
SafeDep says Mini Shai-Hulud payload slipped into 317 npm packages
SafeDep reports a compromised npm account pushed 637 malicious versions across 317 packages, with CI and AI tool persistence tied to the Mini Shai-Hulud toolkit.