Back to article
Microsoft Security Blog

Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft (opens in new tab)

Covers Active Supply Chain Attack Compromises @antv Packages on npmCovered by 4 sources See all sources covering this story including DEV Community, This Week In 4n6

Covers 1 related story

Socket·

Active Supply Chain Attack Compromises @antv Packages on npm

Discussed on Hacker News
Feeds

Covered in 4 articles

DEV Community·

The New Shape of Supply-Chain Trust

Discussed on DEV
Feeds
This Week In 4n6·

Week 21

Feeds
BadCyber·

IT Security Weekend Catch Up

Feeds
SOCRadar® Cyber Intelligence Inc.·

May 2026: TeamPCP’s Supply Chain Blitz Hits Checkmarx, GitHub, and npm

Feeds

Keyboard Shortcuts

Navigation

Next / previous post
j/k
Open post
oorEnter
Preview post
v

Post Actions

Love post
a
Like post
l
Dislike post
d
Undo reaction
u
Save / unsave
s

Recommendations

Add interest / feed
Enter
Not interested
x

Go to

Home
gh
Interests
gi
Feeds
gf
Likes
gl
History
gy
Changelog
gc
Settings
gs
Discover
gb
Search
/

General

Show this help
?
Submit feedback
!
Close modal / unfocus
Esc

Press ? anytime to show this help