3 matches found
Malicious code in @antv/dom-util (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-3873 Malicious code in @antv/dom-util (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
1g6table (=0.1.0), 7qb (=0.0.17) +1266 more potentially affected by unknown CVE via @antv/dom-util (>=2.0.2 <=2.0.4)
@antv/dom-util NPM version =2.0.2, =1.1.0, =0.1.1, =0.1.1, =0.1.0, =0.0.2, =0.1.2, =1.0.0, =0.2.0, =1.1.15, =1.0.4, =2.1.0 - @alifd/ice-devtools =1.1.14-beta.4 and more Source cves: unknown CVE Source advisory: SNYK:JS-ANTVDOMUTIL-16754419...