THREATOPS
THREAT OPSThreat News › Mini Shai-Hulud Hits AntV: 300+ Malicious npm Packages Published via Compromised Maintainer Account

Mini Shai-Hulud Hits AntV: 300+ Malicious npm Packages Published via Compromised Maintainer Account

infosnykPublished 2026-05-18

A compromised npm maintainer account triggered an automated burst of over 300 malicious package versions across 323 packages in the AntV data visualization ecosystem, part of the ongoing Mini Shai-Hulud supply chain worm campaign. Here's what the malware does, how to detect exposure, and how to respond.

MITRE ATT&CK techniques

Original source: https://snyk.io/blog/mini-shai-hulud-antv-npm-supply-chain-attack/