TEXXR

Chronicles

The story behind the story


Threat actors published 600+ malicious package versions to npm as part of the Shai-Hulud supply-chain campaign; most of the affected packages are in the @antv ecosystem

Threat actors earlier today published more than 600 malicious package versions to the npm registry as part of a new Shai-Hulud supply-chain campaign.

Source: BleepingComputer (Bill Toulas)

Discussion

  • @msftsecintel on X:
    Microsoft is investigating a new, emerging Mini Shai-Hulud npm supply chain attack targeting antv packages. Attackers compromised an antv maintainer account and published malicious versions of multiple widely used packages (for example, antv/g2). As these packages are widely …
  • @socketsecurity on X:
    🚨 BREAKING: Socket is investigating an active npm supply chain attack compromising hundreds of packages in the @antv ecosystem. The malicious publish wave appears tied to Mini Shai-Hulud and packages connected to the npm maintainer account atool.
  • @adnanthekhan (Adnan Khan) on X:
    This one is really, really bad. https://github.com/... Starting to be hard to call this one “Mini Shai-Hulud”
  • @theo on X:
    Hey, npm? You there? It's time to wake up and do literally anything at all about this
  • @zackkorman (Zack Korman) on X:
    Might be a dumb question, but how are devs on personal machines supposed to catch this? Or do a lot of them just stay pwned and never know it?
  • @felixiscoding (Guilherme Dos Santos) on X:
    how installing an npm package feels nowadays [image]
  • @socketsecurity on X:
    We published our technical analysis. The @antv payload includes worm-like npm propagation logic: validate stolen npm tokens, enumerate packages, inject the payload, bump versions, and republish under the compromised maintainer identity. This is why these attacks can move so
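The Socket post above describes the propagation loop (validate a stolen npm token, enumerate the packages it can publish, inject the payload, bump the version, republish), and the earlier question asks how a developer on a personal machine is supposed to catch the result. The mirror-image check on the consumer side is to look at what the lockfile actually resolved for a scope and flag versions that are on a denylist or that declare an install script, since a freshly bumped, script-bearing version is what the worm leaves behind. The script below is an added example written for this page; it is not Socket's, Microsoft's or BleepingComputer's code. It assumes the lockfileVersion 2/3 package-lock.json layout (the "packages" map keyed by node_modules paths, with npm's own "hasInstallScript" marker); the scope "@example-scope", the package names, the versions and the denylist are constructed placeholders, not real affected packages.

```javascript
// Added example, not code from the page or from any vendor named on it.
// Triages a package-lock.json for one scope: which resolved versions are on a
// denylist, and which declare a lifecycle install script.
// All package names, versions and denylist entries below are constructed.

// Hypothetical denylist (package name -> versions). In real use, populate this
// from an advisory; nothing here is a real compromised version.
const KNOWN_BAD = {
  "@example-scope/pkg-a": new Set(["1.2.4"]),
};

// Constructed lockfileVersion 3 package-lock.json, keyed by node_modules path
// as npm writes it. npm sets "hasInstallScript" when the package declares a
// preinstall/install/postinstall script.
const SAMPLE_LOCK = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { "@example-scope/pkg-a": "^1.2.0" } },
    "node_modules/@example-scope/pkg-a": {
      version: "1.2.4",
      resolved: "https://registry.npmjs.org/@example-scope/pkg-a/-/pkg-a-1.2.4.tgz",
      hasInstallScript: true,
    },
    "node_modules/@example-scope/pkg-b": {
      version: "0.9.1",
      resolved: "https://registry.npmjs.org/@example-scope/pkg-b/-/pkg-b-0.9.1.tgz",
    },
    // Nested install: a transitive dependency pulled in under another package.
    "node_modules/pkg-b/node_modules/@example-scope/pkg-c": {
      version: "2.0.0",
      resolved: "https://registry.npmjs.org/@example-scope/pkg-c/-/pkg-c-2.0.0.tgz",
      hasInstallScript: true,
    },
    "node_modules/lodash": {
      version: "4.17.21",
      resolved: "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
    },
  },
};

// Flatten the "packages" map to {name, version, path, hasInstallScript}.
// Nested installs look like "node_modules/x/node_modules/@scope/y", so the
// package name is whatever follows the last "node_modules/".
function listPackages(lock) {
  const entries = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "" || !path.includes("node_modules/")) continue; // root or workspace entry
    const name = path.slice(path.lastIndexOf("node_modules/") + "node_modules/".length);
    entries.push({ name, version: meta.version, path, hasInstallScript: meta.hasInstallScript === true });
  }
  return entries;
}

// Triage one scope. Returns findings ordered by path, each carrying the reasons
// it was flagged, so a caller can separate "known bad" from "needs review".
function triageScope(lock, scope, denylist = KNOWN_BAD) {
  const findings = [];
  for (const pkg of listPackages(lock)) {
    if (!pkg.name.startsWith(scope + "/")) continue;
    const reasons = [];
    const bad = denylist[pkg.name];
    if (bad && bad.has(pkg.version)) reasons.push("version on denylist");
    if (pkg.hasInstallScript) reasons.push("declares install script");
    if (reasons.length > 0) findings.push({ ...pkg, reasons });
  }
  return findings.sort((a, b) => (a.path < b.path ? -1 : a.path > b.path ? 1 : 0));
}

// Stand-alone use: `node triage.js [path/to/package-lock.json] [@scope]`.
// With no arguments it runs against the constructed sample above.
if (typeof require !== "undefined" && require.main === module) {
  const [, , lockPath, scope = "@example-scope"] = process.argv;
  const lock = lockPath ? JSON.parse(require("fs").readFileSync(lockPath, "utf8")) : SAMPLE_LOCK;
  const findings = triageScope(lock, scope);
  for (const f of findings) console.log(`${f.path}@${f.version}: ${f.reasons.join(", ")}`);
  if (findings.length === 0) console.log(`no flagged packages under ${scope}`);
}
```

Against a real project this would be run as `node triage.js package-lock.json @antv` with a denylist filled from a vendor advisory. A hit on "declares install script" is a reason to review, not proof of compromise, since legitimate packages also ship install scripts; a hit on the denylist means the payload has very likely already run, at which point the npm tokens present on that machine should be treated as stolen and rotated, because the propagation loop described above starts from exactly those tokens.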