Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft

In this article 1. Attack chain overview 1. Technical analysis 2. How GitHub took action to prevent further harm 2. Mitigation and protection guidance 1. Microsoft Defender XDR Detections 2. Microsoft Defender XDR Threat analytics 3. Advanced hunting 4. Indicators of Compromise IOC 3. References ...

Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft

In this article 1. Attack chain overview 1. Technical analysis 2. How GitHub took action to prevent further harm 2. Mitigation and protection guidance 1. Microsoft Defender XDR Detections 2. Microsoft Defender XDR Threat analytics 3. Advanced hunting 4. Indicators of Compromise IOC 3. References ...

Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account

Cybersecurity researchers have discovered a fresh software supply chain attack campaign that has compromised various npm packages associated with the @antv ecosystem as part of the ongoing Mini Shai-Hulud attack wave. "The attack affects packages tied to the npm maintainer account atool, includin...

Malicious code in @antv/f2-vue (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Malicious code in @antv/d3-color (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

@antv/xflow (>=2.0.1 <=2.2.4), @antv/xflow-diff (=1.0.0) +63 more potentially affected by unknown CVE via @antv/x6-plugin-transform (>=2.1.7 <=2.1.8)

@antv/x6-plugin-transform NPM version =2.1.7, =2.0.1, =0.0.1, =0.0.2, =0.0.4, =0.0.3, =2.0.4, =0.0.27, =0.0.3, =0.0.2, =0.0.64 - @rxdrag/uml-editor =0.6.0 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-4111...

@action.sustainability/storybook-dashboard (>=0.1.1 <=0.1.5), @agentlab/ldkg-ui-charts (>=0.1.4 <=0.1.7) +171 more potentially affected by unknown CVE via @antv/xflow-hook (>=1.0.0 <=1.1.52)

@antv/xflow-hook NPM version =1.0.0, =0.1.1, =0.1.4, =1.1.15, =0.1.0, =1.3.0, =1.0.1, =1.0.0, =1.0.0, =1.0.0, =0.0.0, =1.0.0, =1.0.0, =0.2.0, =0.2.1 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-4122...

Malicious code in @antv/g-plugin-image-loader (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

1byte-react-design (>=1.7.1 <=1.14.0), @agentscope-ai/chat (>=1.1.43 <=1.1.63-beta.1778041790294) +234 more potentially affected by unknown CVE via @antv/g-plugin-dragndrop (>=2.0.0 <=2.1.1)

@antv/g-plugin-dragndrop NPM version =2.0.0, =1.7.1, =1.1.43, =5.0.48, =1.0.1, =2.0.0, =2.0.0, =1.0.0, =2.0.0, =3.0.3, =3.0.0, =0.5.6, =1.0.0, =1.0.0, =1.0.0, =5.1.5, =5.4.8 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-3943...

Malicious code in @antv/l7-maps (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Malicious code in @antv/x6-plugin-selection (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Malicious code in @antv/x6-plugin-dnd (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

Malicious code in @antv/l7plot (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

@aidps/canvas-flow (>=1.0.0 <=1.0.1), @antv/xflow (>=2.0.1 <=2.2.4) +76 more potentially affected by unknown CVE via @antv/x6-plugin-clipboard (=2.1.6)

@antv/x6-plugin-clipboard NPM version =2.1.6 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/x6-plugin-clipboard and may be impacted: - @aidps/canvas-flow =1.0.0, =2.0.1, =0.0.1, =0.0.2, =1.0.0-beta.46, =0.0.4, =0.0.3, =2.0.4, =0.0.27, =3.0.0,...

@antv/gpt-vis (>=0.6.0 <=0.6.1), @antv/gpt-vis-ssr (>=0.3.4 <=0.3.7) +17 more potentially affected by unknown CVE via @antv/s2 (>=2.0.0-next.25 <=2.7.0)

@antv/s2 NPM version =2.0.0-next.25, =0.6.0, =0.3.4, =0.0.1, =1.0.0-alpha18, =0.5.63, =0.5.66, =0.0.1, =0.1.1, =0.0.21, =1.0.5, =0.0.1-alpha.0, =0.0.1-beta.3 - qbi-charts =1.0.17 and more Source cves: unknown CVE Source advisory: OSV:MAL-2026-4077...

@kqinfo/ui (=1.2.12), ai-sales-card (=1.4.1) potentially affected by unknown CVE via @antv/wx-f2 (=2.1.1)

@antv/wx-f2 NPM version =2.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/wx-f2 and may be impacted: - @kqinfo/ui =1.2.12 - ai-sales-card =1.4.1 Source cves: unknown CVE Source advisory: OSV:MAL-2026-4097...

@antv/xflow (>=2.0.1 <=2.2.4), @antv/xflow-diff (=1.0.0) +42 more potentially affected by unknown CVE via @antv/x6-plugin-export (=2.1.6)

@antv/x6-plugin-export NPM version =2.1.6 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/x6-plugin-export and may be impacted: - @antv/xflow =2.0.1, =0.0.1, =0.0.1, =0.0.3, =0.6.1, =0.1.27, =0.1.1, =0.0.4, =2.0.4, =0.0.27, =3.0.0, =0.0.3, =0.3.2...

Malicious code in @antv/g-lite (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

@haloe/mobile-pro (>=0.0.1 <=4.1.0) potentially affected by unknown CVE via @antv/f2-vue (=4.0.33)

@antv/f2-vue NPM version =4.0.33 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/f2-vue and may be impacted: - @haloe/mobile-pro =0.0.1, =4.1.0 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3897...

@antv/f6 (>=0.0.2 <=0.0.19), @antv/f6-element (=0.0.1) +4 more potentially affected by unknown CVE via @antv/f6-core (=0.0.2)

@antv/f6-core NPM version =0.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/f6-core and may be impacted: - @antv/f6 =0.0.2, =1.0.0, =1.1.2-5.2, =2.0.1, =1.0.0, =1.0.2 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3902...