Major npm Supply Chain Attack Compromises Hundreds of AntV Packages in Credential-Theft Campaign
A sophisticated software supply chain attack has compromised over 300 npm packages tied to the AntV ecosystem, a widely used JavaScript library suite for data visualization and enterprise dashboards. Security researchers at Socket.dev and Snyk attribute the breach to the "Mini Shai-Hulud" malware campaign, an ongoing operation targeting the JavaScript ecosystem through hijacked maintainer accounts.
The attack began when threat actors compromised the npm account "atool", using it to publish malicious updates across high-profile packages including echarts-for-react, size-sensor, timeago.js, @antv/g6, @antv/g2, and @antv/x6 within a 22-minute window. Collectively, these packages see tens of millions of downloads per month, amplifying the potential impact across financial services, analytics platforms, and web applications.
The malware goes beyond basic backdoors, designed to steal sensitive credentials from developer environments and CI/CD pipelines, including:
- AWS credentials
- GitHub and npm tokens
- SSH keys
- Docker and Kubernetes configurations
In some cases, the payload also attempted container escape techniques if Docker sockets were exposed. The attack follows the same worm-like propagation seen in earlier "Mini Shai-Hulud" campaigns, which previously targeted SAP and AI-related npm packages in 2026.
This incident mirrors a growing trend of npm supply chain attacks, where threat actors compromise maintainer accounts or CI/CD workflows to distribute malware via automated dependency updates. Similar breaches this year have affected packages tied to Axios, TanStack, and SAP, often relying on rapid, undetected distribution before mitigation.
While some malicious versions were later deprecated or removed, security experts warn that any system that installed affected packages should be considered compromised. Researchers from Microsoft and Socket Security have advised organizations to audit dependencies, pin safe versions, and rotate exposed credentials, as modern malware often executes during installation rather than runtime leaving minimal forensic traces.
The attack underscores the fragility of the npm ecosystem, where a single compromised maintainer account can trigger a cascading impact across global enterprise environments. Recent academic research found that over 21% of npm packages inherit known vulnerabilities through dependency chains, further exposing the risks of interconnected open-source software.
Source: https://thecyberexpress.com/hundreds-of-antv-packages-compromised/
npm TPRM report: https://www.rankiteo.com/company/npm-inc-
AntV TPRM report: https://www.rankiteo.com/company/antv
"id": "npmant1779280448",
"linkid": "npm-inc-, antv",
"type": "Cyber Attack",
"date": "5/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 'Tens of millions of downloads '
'per month (financial services, '
'analytics platforms, web '
'applications)',
'industry': 'Data visualization, enterprise dashboards',
'name': 'AntV ecosystem',
'type': 'Open-source software library suite'},
{'industry': 'Data visualization',
'name': 'echarts-for-react',
'type': 'npm package'},
{'industry': 'Web development',
'name': 'size-sensor',
'type': 'npm package'},
{'industry': 'Web development',
'name': 'timeago.js',
'type': 'npm package'},
{'industry': 'Data visualization',
'name': '@antv/g6',
'type': 'npm package'},
{'industry': 'Data visualization',
'name': '@antv/g2',
'type': 'npm package'},
{'industry': 'Data visualization',
'name': '@antv/x6',
'type': 'npm package'}],
'attack_vector': 'Compromised npm maintainer account (atool)',
'data_breach': {'data_exfiltration': 'Yes (credential theft)',
'personally_identifiable_information': 'Potential (via '
'compromised '
'credentials)',
'sensitivity_of_data': 'High (cloud access, source code, '
'container orchestration)',
'type_of_data_compromised': ['Credentials',
'Tokens',
'SSH keys',
'Configuration files']},
'description': 'A sophisticated software supply chain attack has compromised '
'over 300 npm packages tied to the AntV ecosystem, a widely '
'used JavaScript library suite for data visualization and '
"enterprise dashboards. The breach is attributed to the 'Mini "
"Shai-Hulud' malware campaign, targeting the JavaScript "
'ecosystem through hijacked maintainer accounts. The malware '
'steals sensitive credentials from developer environments and '
'CI/CD pipelines, including AWS credentials, GitHub and npm '
'tokens, SSH keys, and Docker/Kubernetes configurations. The '
'attack also attempted container escape techniques if Docker '
'sockets were exposed.',
'impact': {'brand_reputation_impact': 'High (AntV ecosystem and associated '
'packages)',
'data_compromised': 'AWS credentials, GitHub and npm tokens, SSH '
'keys, Docker and Kubernetes configurations',
'identity_theft_risk': 'High (exposure of PII via compromised '
'credentials)',
'operational_impact': 'Potential unauthorized access to cloud '
'environments, source code repositories, and '
'container orchestration systems',
'systems_affected': 'Developer environments, CI/CD pipelines, '
'containerized systems'},
'initial_access_broker': {'backdoors_established': 'Malicious updates to npm '
'packages',
'entry_point': 'Compromised npm maintainer account '
'(atool)',
'high_value_targets': 'Developer environments, '
'CI/CD pipelines, '
'containerized systems'},
'lessons_learned': 'The fragility of the npm ecosystem, where a single '
'compromised maintainer account can trigger cascading '
'impacts. Importance of auditing dependencies, pinning '
'safe versions, and rotating exposed credentials. Modern '
'malware often executes during installation rather than '
'runtime, leaving minimal forensic traces.',
'motivation': 'Credential theft, data exfiltration, and potential lateral '
'movement',
'post_incident_analysis': {'corrective_actions': 'Implement MFA for '
'maintainer accounts, audit '
'dependencies, rotate '
'exposed credentials, '
'enhance supply chain '
'security',
'root_causes': 'Compromised maintainer account, '
'lack of multi-factor '
'authentication (MFA), automated '
'dependency updates without '
'verification'},
'recommendations': ['Audit dependencies and pin safe versions',
'Rotate exposed credentials (AWS, GitHub, npm, SSH, '
'Docker/Kubernetes)',
'Monitor for unauthorized access to cloud environments '
'and CI/CD pipelines',
'Implement stricter maintainer account security (MFA, '
'least privilege)',
'Enhance supply chain security for open-source packages'],
'references': [{'source': 'Socket.dev'},
{'source': 'Snyk'},
{'source': 'Microsoft'},
{'source': 'Socket Security'}],
'response': {'containment_measures': 'Deprecation/removal of malicious '
'packages',
'remediation_measures': 'Audit dependencies, pin safe versions, '
'rotate exposed credentials',
'third_party_assistance': 'Socket.dev, Snyk, Microsoft, Socket '
'Security'},
'threat_actor': 'Mini Shai-Hulud malware campaign',
'title': 'Major npm Supply Chain Attack Compromises Hundreds of AntV Packages '
'in Credential-Theft Campaign',
'type': 'Supply Chain Attack',
'vulnerability_exploited': 'Hijacked maintainer accounts and automated '
'dependency updates'}