Signal
AntV npm ecosystem hit by large-scale supply chain attack spreading to PyPI
Published 2026-05-19 19:19 UTC · Updated 2026-05-20 15:00 UTC
Tags: supply_chain_attack, npm, pypi, malware, open_source_security
Evidence trail (top sources)
Overview
A major supply chain attack compromised a high-value npm maintainer account, leading to the publication of over 600 malicious versions across more than 300 npm packages in the AntV namespace, widely used for data visualization.
Entities
Alibaba, Microsoft, AntV, Mini Shai-Hulud, durabletask, timeago.js
Score total
1.3
Momentum 24h
4
Posts
4
Origins
4
Source types
1
Duplicate ratio
0%
Why now
- The attack occurred recently on May 19, 2026, with rapid follow-up compromise of PyPI packages.
- This is the largest npm supply chain attack recorded to date, highlighting escalating risks in open-source ecosystems.
- The incident affects widely used packages in enterprise and developer communities, raising urgent security concerns.
Why it matters
- Supply chain attacks on popular open-source packages can impact millions of users and software projects worldwide.
- Compromise of high-value maintainer accounts enables rapid and widespread distribution of malicious code.
- Expansion of attacks from npm to PyPI signals increasing sophistication and cross-ecosystem targeting by threat actors.
LLM analysis
Topic mix: low · Promo risk: low · Source quality: medium
Recurring claims
- A compromised npm maintainer account published over 600 malicious package versions across 317 npm packages in the AntV namespace.
- The Mini Shai-Hulud supply chain attack is the largest npm supply chain wave to date, impacting hundreds of packages in the AntV ecosystem.
- The supply chain campaign expanded to PyPI, compromising Microsoft's durabletask package shortly after the npm attack.
How sources frame it
- CSO Online: neutral
- SecurityWeek: neutral
- Infosecurity Magazine: neutral
- Snyk Blog: neutral
All evidence
Mini Shai-Hulud Hits Hundreds of npm Packages in AntV Ecosystem
Infosecurity Magazine · infosecurity-magazine.com · 2026-05-20 15:00 UTC
Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack
SecurityWeek · securityweek.com · 2026-05-20 11:06 UTC
The AntV Supply Chain Campaign Expands: Microsoft's `durabletask` PyPI Package Compromised
Snyk Blog · snyk.io · 2026-05-19 23:00 UTC
AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks
CSO Online · csoonline.com · 2026-05-19 19:19 UTC
Top publishers (this list)
- Infosecurity Magazine (1)
- SecurityWeek (1)
- Snyk Blog (1)
- CSO Online (1)
Top origin domains (this list)
- infosecurity-magazine.com (1)
- securityweek.com (1)
- snyk.io (1)
- csoonline.com (1)