Shai-Hulud: Here We Go Again. Mass npm Supply Chain Attack Hits the AntV Ecosystem
A new wave of the Mini Shai-Hulud worm has compromised multiple npm packages across Alibaba's AntV data visualization ecosystem, including echarts-for-react and timeago.js. Stolen CI/CD secrets are being exfiltrated and dumped to thousands of public GitHub repositories as the attack spreads.
- Disclosed: May 19, 2026
- Last updated: June 7, 2026
- Blast radius: Thousands of public GitHub repositories affected; multiple packages across Alibaba's AntV ecosystem and dependent projects compromised
- Attack vectors
- Threat actor
- Affected entities
- echarts-for-react: AntV ecosystem package
- timeago.js: AntV ecosystem package
- AntV ecosystem packages: Multiple packages across Alibaba's data visualization ecosystem
A renewed campaign of the Mini Shai-Hulud worm has targeted and compromised packages within Alibaba's AntV ecosystem, a widely used data visualization library. Confirmed affected packages include echarts-for-react and timeago.js, among dozens of others across the ecosystem.
The attack exploits compromised npm accounts or packages to inject malicious code. Once executed, the worm harvests CI/CD secrets from affected development environments and exfiltrates them to attacker-controlled infrastructure.
Stolen credentials are being systematically dumped to thousands of public GitHub repositories, amplifying the blast radius and enabling downstream attacks against dependent projects and organizations that use these libraries.
The attack remains active and ongoing as of the publication date, with continued exploitation and credential exfiltration observed.
Remediation
- Review the linked advisory; remove or upgrade the affected component and rotate any exposed credentials.
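As an added example (not part of this catalog entry), the inventory step a practitioner would run before removing or upgrading: a scan of a project's package-lock.json that reports every installed copy, direct or transitive, of the two packages named above. The page lists no affected version numbers, so the script reports versions for comparison against the advisory rather than judging them; the sample lockfile and its versions are constructed.

```python
import json

# Package names this entry reports as compromised. No version numbers are
# given on the page, so every installed version is reported for manual review.
AFFECTED_PACKAGES = {"echarts-for-react", "timeago.js"}


def _walk_v1(deps, found, path=()):
    """Recurse the nested 'dependencies' tree of a lockfileVersion 1 file."""
    for name, info in (deps or {}).items():
        if name in AFFECTED_PACKAGES:
            found.append((name, info.get("version"), "/".join(path + (name,))))
        _walk_v1(info.get("dependencies"), found, path + (name,))


def find_affected(lockfile_text):
    """Return sorted [(name, version, location)] for affected packages.

    Handles lockfileVersion 2/3 (flat 'packages' map keyed by node_modules
    path, which also covers nested and scoped installs) and lockfileVersion 1
    (nested 'dependencies' tree).
    """
    lock = json.loads(lockfile_text)
    found = []
    packages = lock.get("packages")
    if packages is not None:
        for path, info in packages.items():
            if not path:  # "" is the root project entry, not a dependency
                continue
            # Last node_modules segment is the package name (scopes included).
            name = info.get("name") or path.rsplit("node_modules/", 1)[-1]
            if name in AFFECTED_PACKAGES:
                found.append((name, info.get("version"), path))
    else:
        _walk_v1(lock.get("dependencies"), found)
    return sorted(found)


# Constructed sample lockfile (not a real project): one direct hit, one
# transitive hit under an unrelated package, and packages that must be ignored.
SAMPLE_LOCK = json.dumps({
    "name": "demo-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/echarts-for-react": {"version": "0.0.0-constructed"},
        "node_modules/react": {"version": "0.0.0-constructed"},
        "node_modules/some-widget": {"version": "0.0.0-constructed"},
        "node_modules/some-widget/node_modules/timeago.js": {"version": "0.0.0-constructed"},
    },
})

if __name__ == "__main__":
    for name, version, where in find_affected(SAMPLE_LOCK):
        print(f"{name}@{version} installed at {where}")
```

Run it against a real project by passing the contents of its package-lock.json to find_affected; any hit means the remediation step above applies and the credentials that CI job could reach should be treated as exposed.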
Sources
Cite this entry
"Shai-Hulud: Here We Go Again. Mass npm Supply Chain Attack Hits the AntV Ecosystem." supplychainattack.org, Supply Chain Attack Incident Catalog. Disclosed May 19, 2026; last updated June 7, 2026. https://supplychainattack.org/incident/shai-hulud-here-we-go-again-mass-npm-supply-chain-attack-hits-the-antv-ecosystem-1kfeld
Related incidents
- Status: active; severity: critical
The Worm That Keeps on Digging: TeamPCP Hits @antv in Latest Wave
TeamPCP conducted a multi-ecosystem supply chain compromise targeting the @antv package and associated development infrastructure. The attack leveraged GitHub, NPM, and VSCode to steal credentials and establish persistence mechanisms.
Tags: TeamPCP, npm, Other, Account takeover, Compromised package, Malicious maintainer
- Status: active; severity: critical
Shai-Hulud Worm Pivots to Multi-Cloud: intercom-client@7.0.4 Hijacked — 361,000 Weekly Downloads, AWS, GCP, and Azure Credentials Now in Scope
The Shai-Hulud worm has hijacked intercom-client@7.0.4 (361,510 weekly downloads) via a compromised GitHub Actions OIDC publishing pipeline, 29 hours after compromising mbt@1.2.48 and @cap-js/sqlite@2.2.2. The worm is actively propagating through CI/CD infrastructure stolen from earlier victims, targeting multi-cloud credentials (AWS, GCP, Azure).
Tags: Shai-Hulud, npm, Other, Compromised package, Build-system compromise, Account takeover
- Status: active; severity: critical
axios Compromised on npm - Malicious Versions Drop Remote Access Trojan
A maintainer account for the widely used axios npm package was compromised and used to publish poisoned versions 1.14.1 and 0.30.4. The malicious releases contained a hidden dependency that drops a cross-platform remote access trojan (RAT).
Tags: UNC1069, npm, Account takeover, Compromised package
- Status: contained; severity: high
10 Layers Deep: How StepSecurity Stops TeamPCP's Trivy Supply Chain Attack on GitHub Actions
TeamPCP compromised 76 Trivy version tags on GitHub Actions in an overnight attack, followed by a similar KICS compromise using the same methodology. The attacks targeted credential exfiltration through malicious GitHub Actions.
Tags: TeamPCP, Other, Container registry, Compromised package, Account takeover