Mini Shai‑Hulud: malicious updates to @antv packages via compromised npm account

Colleagues, a cybersecurity alert: a wave of Mini Shai‑Hulud attacks has been detected, compromising packages in the @antv ecosystem and several related npm modules.
In brief:
- The npm account 'atool' was compromised — hundreds of trojanized releases were published (639 versions across 323 packages).
- A stealer harvests 20+ types of credentials (AWS, GCP, Azure, GitHub, npm, SSH, Kubernetes, databases, Stripe) and exfiltrates them.
- The attack leverages preinstall hooks, abuses npm tokens for automated republishing, and writes stolen data to public repositories as a backup.
Why it matters: a supply‑chain compromise has a wide blast radius, and malicious updates can be pulled in automatically.
How do you plan to strengthen dependency and CI/CD protection?
#cybersecurity #supplychain #npm #DevSecOps
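
As an added example (not part of the original post), here is one way to see which installed dependencies can run code at install time, which is the preinstall-hook vector described above. It assumes an npm `package-lock.json` with lockfileVersion 2 or 3; the function names, the default watched scope list and the sample lockfile are constructed for illustration.

```javascript
// Added example: report lockfile entries that run install-time scripts and
// entries in a watched scope. Assumes lockfileVersion 2 or 3, where npm sets
// "hasInstallScript": true on packages with preinstall/install/postinstall.

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function nameFromLockPath(lockPath) {
  const marker = "node_modules/";
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? lockPath : lockPath.slice(idx + marker.length);
}

function auditLock(lock, watchedScopes = ["@antv/"]) {
  const findings = [];
  for (const [lockPath, entry] of Object.entries(lock.packages || {})) {
    if (lockPath === "" || entry.link) continue; // skip root project and workspace links
    const name = entry.name || nameFromLockPath(lockPath);
    const watched = watchedScopes.some((scope) => name.startsWith(scope));
    const installScript = Boolean(entry.hasInstallScript);
    if (!installScript && !watched) continue;
    // 2 = watched scope with install script, 1 = any install script, 0 = watched only
    const priority = installScript ? (watched ? 2 : 1) : 0;
    findings.push({ name, version: entry.version, installScript, watched, priority });
  }
  // Highest priority first, so the entries to review first are at the top.
  return findings.sort((a, b) => b.priority - a.priority);
}

// Constructed sample lockfile; every name, version and hash is a placeholder.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "constructed-app", version: "1.0.0" },
    "node_modules/left-dep": { version: "1.2.3", integrity: "sha512-CONSTRUCTED", hasInstallScript: true },
    "node_modules/@antv/constructed-pkg": { version: "0.0.1", integrity: "sha512-CONSTRUCTED", hasInstallScript: true },
    "node_modules/@antv/constructed-util": { version: "0.0.2", integrity: "sha512-CONSTRUCTED" },
    "node_modules/plain-dep": { version: "2.0.0", integrity: "sha512-CONSTRUCTED" },
  },
};

console.table(auditLock(SAMPLE_LOCK));
```

To audit a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` instead of `SAMPLE_LOCK`. Installing with `npm ci --ignore-scripts` keeps the hooks in the report from running while the flagged entries are reviewed.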

