On May 19, 2026, the Mini Shai-Hulud supply chain worm campaign struck the @antv npm ecosystem, pushing 639 malicious versions across 323 packages in under 30 minutes. The compromised maintainer account, “atool” (linked to Alibaba’s entire antv data visualization stack), published malicious updates starting at 01:56 UTC, with Socket’s threat research team detecting most of them within 6.7 minutes.
Affected packages include echarts-for-react (1.1 million weekly downloads), size-sensor (4.2 million), @antv/scale (2.2 million), and timeago.js (1.15 million). Consumers declaring a semver range such as ^3.0.6 for echarts-for-react auto-resolved to the compromised version 3.2.7 on fresh installs.
The malware harvested over 20 credential types: GitHub and npm tokens, AWS keys, Google Cloud and Azure tokens, SSH keys, Kubernetes service accounts, HashiCorp Vault secrets, Stripe API keys, and local password vaults from 1Password and Bitwarden. Data was encrypted with AES-256-GCM, the AES key itself wrapped in RSA-OAEP, and exfiltrated via a command-and-control endpoint or, as a fallback, committed into public GitHub repositories with Dune-themed names like sardaukar-melange-742. The payload also embedded worm logic to spread through compromised npm tokens and maintainers.
StepSecurity reported over 2,500 GitHub repositories containing campaign indicators, while Socket tallied a total of 1,055 compromised versions across npm, PyPI, and Composer. The TeamPCP threat group is suspected. Blockchain developers using antv libraries for DeFi dashboards and Web3 tooling are at high risk of CI/CD pipeline leaks. SlowMist CEO 23pds urged immediate token rotation and multi-factor authentication, calling any installed instance fully compromised.