Signal

Mini Shai-Hulud compromises over 300 AntV npm packages via maintainer account

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-05-18 23:00 UTCUpdated 2026-05-19 04:54 UTC

rss

supply_chain_attacknpmmalwareincident_response

Source links open

Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.

Back Evidence (2)Get the free brief by email Start free trial

No card needed for the free brief.

Evidence trail (top sources)

top sources (2 domains)

2 top sources shown

Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account

thehackernews · News · thehackernews.com · 2026-05-19 04:54 UTC

Mini Shai-Hulud Hits AntV: 300+ Malicious npm Packages Published via Compromised Maintainer Account

Snyk Blog · News · snyk.io · 2026-05-18 23:00 UTC

limited source diversity in top sources

View all evidence

Overview

Coverage discusses speculative scenarios; treat as market chatter and see linked sources.

Score total

0.97

Momentum 24h

Posts

Origins

Source types

Duplicate ratio

Why now

The attack is recent and ongoing, with over 300 malicious package versions published.
The compromised maintainer account enables automated injection of malware into popular npm packages.
Awareness and remediation are urgent to protect the npm ecosystem and dependent projects.

Why it matters

Supply chain attacks compromise trusted software components, risking widespread impact.
AntV packages are widely used, so malicious versions can affect many developers and applications.
Detecting and responding quickly is critical to prevent further exploitation.

LLM analysis

Topic mix: lowPromo risk: lowSource quality: high

Recurring claims

The Mini Shai-Hulud attack compromised the npm maintainer account 'atool', leading to over 300 malicious package versions published in the AntV ecosystem.

How sources frame it

The Hacker News; Snyk Blog: neutral

This incident underscores the ongoing risks in npm supply chains and the importance of vigilant package maintenance and monitoring.

All evidence

Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account

thehackernews · thehackernews.com · 2026-05-19 04:54 UTC

Mini Shai-Hulud Hits AntV: 300+ Malicious npm Packages Published via Compromised Maintainer Account

Snyk Blog · snyk.io · 2026-05-18 23:00 UTC

Show filters & breakdown

Posts loaded: 0Publishers: 2Origin domains: 2Duplicates: -

Platform

Publisher

Origin domain

Relevance tier

Duplicates only

Showing 2 / 0

Top publishers (this list)

thehackernews (1)
Snyk Blog (1)

Top origin domains (this list)

thehackernews.com (1)
snyk.io (1)