AI/TLDR

npm · 2026-05-19 · major

Mini Shai-Hulud Strikes Again — A Hijacked npm Account Pushed 637 Malicious Versions Across 314 AntV-Ecosystem Packages

A hijacked npm maintainer account published 637 malicious versions across 314 packages on May 19, including AntV charting libraries and echarts-for-react. The Bun-based payload harvests cloud credentials and self-propagates via stolen tokens.

Diagram of the AntV npm supply-chain attack flow

A copycat of the Shai-Hulud worm poisoned hundreds of widely-used npm packages in a 22-minute automated burst.

Key specs

Packages compromised314
Malicious versions637
Weekly downloads affected~16M
Attack duration22 minutes

What is it?

Mini Shai-Hulud is a credential-stealing supply-chain campaign that abuses compromised npm maintainer accounts to publish malware-laced package versions. On May 19, 2026 the attacker took over the 'atool' account and pushed 637 malicious versions across 314 packages, many of them AntV charting libraries plus high-traffic dependencies like echarts-for-react, size-sensor, and timeago.js.

How does it work?

Each poisoned package runs a 498KB obfuscated Bun script from a preinstall hook. It scans the build environment for AWS, GCP, Azure, GitHub, npm, SSH, Vault, and Kubernetes credentials plus local password-manager vaults, then exfiltrates them through git commits to public repos and an HTTPS channel disguised as OpenTelemetry traffic. It also injects CI workflows, hijacks AI-agent session hooks, and converts GitHub Actions tokens into npm publish tokens to spread further.

Why does it matter?

The affected packages pull roughly 16 million weekly downloads, so any CI run or developer install during the window could have leaked secrets. Anyone who installed an 'atool' package version dated May 19 should rotate every credential reachable from that build environment and audit their lockfiles.

Who is it for?

JavaScript developers and CI/CD operators

Try it

Audit lockfiles for atool packages dated 2026-05-19 and rotate any exposed credentials

Sources · 4 outlets

Tags

  • supply-chain-attack
  • npm
  • shai-hulud
  • security
  • credential-theft
  • antv
  • malware
  • open-source

← All releases · Learn AI