Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account



May 19, 2026 at 10:24AM

Cybersecurity researchers have discovered a fresh software supply chain attack campaign that has compromised various npm packages associated with the @antv ecosystem as part of the ongoing Mini Shai-Hulud attack wave. "The attack affects packages tied to the npm maintainer account atool, including echarts-for-react, a widely used React wrapper for Apache ECharts with roughly 1.1 million weekly

from The Hacker News https://ift.tt/5L72tAu

Genrerating Link.... 15 seconds.

Your Link is Ready.

Share this post