314 npm packages just got compromised, 271 @antv, echarts-for-react, size-sensor, timeago.js (opens in new tab)

Covers 4 stories including Shai-Hulud Goes Open SourceDiscussed on Hacker News and r/programming

A compromised npm maintainer account published 631 malicious versions across 314 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.

Read the original article