Mini Shai-Hulud strikes again: npm worm compromises hundreds of @antv packages (opens in new tab)

Covered by 10 sources including BleepingComputer, This Week In 4n6

The Mini Shai-Hulud npm worm has hit Alibaba's @antv packages, echarts-for-react, and timeago.js. The payload steals CI/CD secrets, plants backdoors in VS Code and Claude Code, and spreads by republishing compromised packages. Here is what happened and how to protect your team. Category: Vulnerabilities & Threats

Read the original article

Sign in to keep reading the full article.

Sign Up Log In

Covered in 10 articles

BleepingComputer·

New Shai-Hulud malware wave compromises 600 npm packages

This Week In 4n6·

Week 21

infoworld.com·

AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks

View all 10 ›