All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Security
Security
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

317 npm Packages Compromised in Mini Shai-Hulud Supply Chain Attack

A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+…

Read the full article
theanonymousone1mo ago36 min readenNews

You might also wanna read

TanStack Npm Packages Compromised Inside The Mini Shai Hulud Supply Chain Attack

On May 11, 2026, the Mini Shai-Hulud worm compromised 84 npm package artifacts across 42 @tanstack/* packages (as well as @squawk/*, @mistra

Snyk·2mo ago

"A Mini Shai-Hulud Has Appeared": Bun-Based Stealer Hits SAP @cap-js and mbt npm Packages

A new npm supply chain attack self-branded "Mini Shai-Hulud" compromised four SAP-ecosystem packages on April 29, 2026. Snyk has live adviso

Snyk·2mo ago

Microsoft uncovers npm supply chain attack stealing cloud and CI/CD credentials via typosquatted packages

The Mini Shai-Hulud campaign used malicious npm packages to target cloud and CI/CD credentials across developer environments. This report de

microsoft.com·1mo ago

Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised

A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.

safedep.io·1mo ago

Mini Shai-Hulud Hits AntV: 300+ Malicious npm Packages Published via Compromised Maintainer Account

A compromised npm maintainer account triggered an automated burst of over 300 malicious package versions across 323 packages in the AntV dat

Snyk·1mo ago

Microsoft uncovers supply chain attack: Compromised @antv npm packages steal CI/CD credentials via Mini Shai-Hulud malware

Compromised @antv npm packages deploy the Mini Shai-Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malwa

microsoft.com·1mo ago

Comments

Sign in to join the conversation.

No comments yet. Be the first.