@antv and GitHub: Mini Shai-Hulud Compromises @antv npm Packages to Steal CI/CD Credentials

Sophisticated "Mini Shai-Hulud" Supply Chain Attack Targets @antv npm Ecosystem

A newly uncovered supply chain attack, dubbed Mini Shai-Hulud, compromised the @antv npm ecosystem, a widely used collection of data visualization libraries, with devastating precision. The campaign, discovered by Microsoft security researchers, exploited a maintainer account to publish malicious versions of popular packages, including echarts-for-react, which boasts over one million weekly downloads.

The attack spread rapidly, infecting thousands of developer pipelines within hours. The payload, a 499 KB obfuscated JavaScript file, executed automatically during npm install, targeting GitHub Actions environments to steal credentials from cloud services like AWS, HashiCorp Vault, Kubernetes, npm, and 1Password. It bypassed standard secret masking by scraping process memory directly from GitHub Actions runners.

To evade detection, the malware employed two layers of obfuscation (Base64-encoded strings and a custom cipher using PBKDF2 and SHA-256) and exited immediately if not running in a GitHub Actions Linux environment. Data exfiltration occurred via encrypted HTTPS to a command-and-control domain or through GitHub’s Git Data API, creating commits in victim repositories.

GitHub responded by removing 640 malicious packages and invalidating over 61,000 npm tokens. The @antv maintainers confirmed the breach has been resolved, though Microsoft advises developers to audit dependency trees, rotate exposed credentials, and check for unexpected public repositories created during the attack window.

Indicators of compromise include the malicious payload’s SHA-256 hashes (a68dd1e6a6e35ec3771e1f94fe796f55dfe65a2b94560516ff4ac189390dfa1c and fb5c97557230a27460fdab01fafcfabeaa49590bafd5b6ef30501aa9e0a51142) and the domain t.m-kosche[.]com:443. The attack highlights the growing threat of supply chain compromises in open-source ecosystems.

Source: https://cybersecuritynews.com/mini-shai-hulud-compromises-antv-npm-packages-to-steal-ci-cd-credentials/

@antv TPRM report: https://www.rankiteo.com/company/antv-inc

GitHub TPRM report: https://www.rankiteo.com/company/github

"id": "antgit1779395279",
"linkid": "antv-inc, github",
"type": "Cyber Attack",
"date": "5/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 'Thousands of developer '
                                              'pipelines, users of '
                                              '*echarts-for-react* and related '
                                              'packages',
                        'industry': 'Technology, Data Visualization',
                        'name': '@antv',
                        'type': 'Open-source software ecosystem'}],
 'attack_vector': 'Compromised maintainer account, malicious npm packages',
 'customer_advisories': 'Developers advised to audit dependency trees, rotate '
                        'exposed credentials, and check for unexpected public '
                        'repositories',
 'data_breach': {'data_encryption': 'Yes (PBKDF2 and SHA-256 for obfuscation)',
                 'data_exfiltration': 'Yes (via encrypted HTTPS to C2 domain '
                                      'or GitHub’s Git Data API)',
                 'sensitivity_of_data': 'High (cloud service credentials, '
                                        'secrets)',
                 'type_of_data_compromised': 'Credentials (AWS, HashiCorp '
                                             'Vault, Kubernetes, npm, '
                                             '1Password)'},
 'description': 'A newly uncovered supply chain attack, dubbed *Mini '
                'Shai-Hulud*, compromised the @antv npm ecosystem, a widely '
                'used collection of data visualization libraries. The campaign '
                'exploited a maintainer account to publish malicious versions '
                'of popular packages, including *echarts-for-react*, which '
                'boasts over one million weekly downloads. The payload '
                'executed automatically during `npm install`, targeting GitHub '
                'Actions environments to steal credentials from cloud services '
                'like AWS, HashiCorp Vault, Kubernetes, npm, and 1Password. '
                'The malware bypassed standard secret masking by scraping '
                'process memory directly from GitHub Actions runners and '
                'employed two layers of obfuscation to evade detection. Data '
                'exfiltration occurred via encrypted HTTPS to a '
                'command-and-control domain or through GitHub’s Git Data API.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage to @antv '
                                       'and affected organizations',
            'data_compromised': 'Credentials from AWS, HashiCorp Vault, '
                                'Kubernetes, npm, and 1Password',
            'identity_theft_risk': 'High (exposed credentials)',
            'operational_impact': 'Thousands of developer pipelines infected '
                                  'within hours',
            'systems_affected': 'Developer pipelines, GitHub Actions '
                                'environments'},
 'initial_access_broker': {'entry_point': 'Compromised maintainer account',
                           'high_value_targets': 'GitHub Actions environments, '
                                                 'cloud service credentials'},
 'investigation_status': 'Resolved (breach confirmed as resolved by @antv '
                         'maintainers)',
 'lessons_learned': 'Growing threat of supply chain compromises in open-source '
                    'ecosystems, need for stricter maintainer account security '
                    'and dependency audits',
 'motivation': 'Credential theft, data exfiltration',
 'post_incident_analysis': {'corrective_actions': 'Stricter maintainer account '
                                                  'security, dependency '
                                                  'audits, credential rotation',
                            'root_causes': 'Compromised maintainer account, '
                                           'lack of strict security controls '
                                           'in npm package publishing'},
 'recommendations': 'Audit dependency trees, rotate exposed credentials, check '
                    'for unexpected public repositories, monitor for '
                    'indicators of compromise',
 'references': [{'source': 'Microsoft Security Research'},
                {'source': 'GitHub Advisory'}],
 'response': {'containment_measures': 'Removal of 640 malicious packages, '
                                      'invalidation of over 61,000 npm tokens',
              'remediation_measures': 'Audit dependency trees, rotate exposed '
                                      'credentials, check for unexpected '
                                      'public repositories',
              'third_party_assistance': 'Microsoft security researchers'},
 'title': "Sophisticated 'Mini Shai-Hulud' Supply Chain Attack Targets @antv "
          'npm Ecosystem',
 'type': 'Supply Chain Attack',
 'vulnerability_exploited': 'Automated execution during `npm install`, GitHub '
                            'Actions environment targeting'}