A major software supply chain attack has compromised hundreds of widely used npm packages tied to the AntV ecosystem, exposing developers and organizations to credential theft, malware delivery, and potentially broader infrastructure compromise.
Security researchers at Socket.dev and Snyk say the incident is linked to the ongoing “Mini Shai-Hulud” malware campaign, a rapidly evolving threat operation targeting the JavaScript ecosystem through hijacked maintainer accounts and poisoned package updates.
Hundreds of Packages Affected
According to researchers, attackers compromised the npm maintainer account “atool” and used it to publish malicious versions across more than 300 packages in a matter of minutes. The affected libraries include several high-profile packages with millions of weekly downloads, such as:
echarts-for-reactsize-sensortimeago.js@antv/g6@antv/g2@antv/x6
The broader AntV ecosystem, which was originally developed within Alibaba and widely used for data visualization and enterprise dashboards, has extensive adoption across financial services, analytics platforms and web applications.
Researchers estimate the compromised packages collectively account for tens of millions of downloads per month, dramatically increasing the potential blast radius.
Credential Theft and Self-Propagation
The malicious payloads reportedly go far beyond simple backdoors.
Socket researchers said the malware was designed to steal sensitive information from developer environments and CI/CD systems, including:
- AWS credentials
- GitHub tokens
- npm authentication tokens
- SSH keys
- Docker configurations
- Kubernetes secrets
In some environments, the malware also attempted container escape techniques if Docker sockets were exposed.
Security analysts linked the attack to the same “Mini Shai-Hulud” campaign previously observed targeting SAP and AI-related npm packages earlier this year.
The malware family has gained attention for its worm-like behavior and aggressive propagation techniques, including attempts to infect additional packages and developer workflows.
A Familiar Pattern in npm Attacks
The latest compromise adds to a growing list of high-profile attacks targeting the npm ecosystem in 2026.
Recent incidents involving packages tied to Axios, TanStack, and SAP all followed a similar pattern. Attackers compromise a trusted maintainer account or CI/CD workflow, publish malicious package updates, and rely on automated dependency updates to spread malware rapidly.
Read: OpenAI Responds to Axios npm Supply Chain Attack, Rotates macOS Certificates
In this case, researchers believe the malicious packages were published during a narrow 22-minute window before detection efforts began. Some malicious versions were later deprecated or removed from npm, though security experts warn that anyone who installed affected versions should assume compromise.
Microsoft and Security Researchers Warn Developers
Researchers from Microsoft and Socket Security publicly warned developers to immediately audit dependencies, pin known-safe versions, and rotate credentials potentially exposed during installation.
Security teams are also advising organizations to:
- Run installs with
--ignore-scriptswhere feasible - Review CI/CD secrets and environment variables
- Monitor for suspicious outbound network traffic
- Audit recently updated dependencies
Because many npm malware campaigns now execute during installation rather than runtime, compromised systems may show little evidence after the initial infection.
Modern JavaScript applications often rely on hundreds—or thousands—of indirect dependencies. That means compromising a single popular maintainer account can create a cascading effect across enterprise environments worldwide.
Academic research published this year found that over 21% of npm packages inherit at least one known vulnerability through dependency chains, highlighting how interconnected—and fragile—the ecosystem has become.
