Researchers say a compromised npm maintainer account ('atool') was used to publish hundreds of malicious package versions across the @antv namespace, including downstream widely used packages such as echarts-for-react and timeago.js. The payload steals GitHub Actions secrets and credentials from cloud, Kubernetes, Vault, wallet, and developer-tool paths, exfiltrates data via GitHub and fallback infrastructure, and can republish tampered packages using stolen npm tokens. Reports also link the campaign to malicious PyPI uploads, a compromised GitHub Action, and a VS Code extension.
Why it matters: This is a high-impact ecosystem compromise with downstream risk to developer workstations, CI environments, and software consumers through trusted package updates. Defenders should immediately identify affected package versions, rotate exposed secrets and npm tokens, review CI runners and GitHub repositories for exfiltration, and block known malicious artifacts.
2026.06.08
63% relevant
This article ties the Microsoft GitHub repository compromises to the broader Mini Shai-Hulud/Miasma worm ecosystem, adding that a descendant worm was used to push malicious commits into more than 70 Microsoft repositories and break Azure-related CI/CD workflows.
2026.06.01
60% relevant
The article says the Red Hat compromise used a Mini Shai-Hulud variant and notes the malware was recently open-sourced, which connects it technically to the broader Mini Shai-Hulud campaign, but this is a distinct compromise affecting different packages, accounts, and victims.
Ionut Arghire
2026.05.20
100% relevant
The article establishes a distinct new Mini Shai-Hulud campaign centered on a compromised npm maintainer account and malicious releases across the @antv ecosystem, rather than updating one of the existing tracked stories.
2026.05.18
78% relevant
This article extends the same broader Shai-Hulud/TeamPCP npm supply-chain campaign by reporting a copycat worm in a new package (chalk-tempalte) plus three additional malicious npm packages from the same actor, including stealers and a DDoS bot component, shortly after TeamPCP open-sourced the worm.
2026.05.18
41% relevant
The article says the TanStack compromise used code from the Shai-Hulud worm published by TeamPCP, providing additional context on the malware family and tradecraft, but the core event here is the TanStack attack rather than the @antv compromise itself.