SECURITYTHE HACKER NEWS
Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account
Cybersecurity researchers discovered a software supply chain attack campaign compromising npm packages associated with the @antv ecosystem, affecting packages tied to the npm maintainer account atool, including echarts-for-react. The attack is part of the ongoing Mini Shai-Hulud attack wave, impacting roughly 1.1 million weekly users. This campaign compromises various npm packages.
Mentioned