The campaign, identified on May 19, 2026, appears to form part of the Mini Shai-Hulud malware wave, a self-spreading operation that has already affected other developer ecosystems through compromised open-source packages. The latest activity centres on data visualisation, charting, graphing, mapping and React component libraries used across enterprise dashboards, analytics platforms and front-end applications.
Investigators tracking the attack have identified 639 compromised package versions across 323 unique packages, with the largest concentration in the @antv namespace. Of those, 558 malicious versions were found across 279 @antv packages. The affected set includes widely used libraries such as @antv/g2, @antv/g6, @antv/x6, @antv/l7, @antv/s2, @antv/f2, @antv/g, @antv/g2plot, @antv/graphin and @antv/data-set.
The compromise also extends beyond the @antv namespace to packages associated with the same maintainer account, including echarts-for-react, timeago.js, size-sensor and canvas-nest.js. echarts-for-react alone draws about 1.1 million weekly downloads, underscoring the potential reach of the attack among React developers and organisations that rely on automated dependency updates.
The malicious versions use package installation as the point of execution. Compromised releases add a preinstall hook designed to run attacker-controlled code before the legitimate package is used. That technique gives the malware access to developer workstations, build machines and continuous integration environments at a stage where sensitive credentials are often present.
The payload is designed to harvest a wide range of secrets, including GitHub tokens, npm tokens, cloud credentials for Amazon Web Services, Google Cloud and Microsoft Azure, SSH keys, Kubernetes credentials, Vault secrets, Stripe keys and database connection strings. It also attempts to interact with Docker environments, raising the risk that a compromised build runner could expose broader infrastructure.
The stolen data is compressed, encrypted and sent to attacker-controlled infrastructure. Where direct exfiltration fails, the malware attempts a fallback method by using a victim’s GitHub token to create a public repository under that account and commit the stolen data as a JSON file. Repositories linked to the campaign have carried the reversed phrase “Shai-Hulud: Here We Go Again,” a marker associated with this malware family.
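The fallback exfiltration path leaves a visible artefact in the victim's own GitHub account: a freshly created public repository carrying the marker phrase. The following is an added example, not code from the article or from any of the affected projects, showing how a defender can sweep an organisation's repository listing for that marker. It assumes the repository records have the `full_name`, `private`, `description` and `created_at` fields that the GitHub organisation repository listing returns; the sample records are constructed, and the marker is matched in both its reversed and forward forms since the article reports it reversed.

```javascript
// Added example (not from the article): flag repositories in an org's GitHub
// inventory that carry the Mini Shai-Hulud marker phrase. The article reports
// the phrase appearing reversed, so both orientations are matched, case-
// insensitively, in the repository name and description.

const MARKER = 'Shai-Hulud: Here We Go Again';
const reverse = (s) => [...s].reverse().join('');

// True when the text contains the marker in forward or reversed form.
function carriesMarker(text) {
  if (!text) return false;
  const t = text.toLowerCase();
  return t.includes(MARKER.toLowerCase()) || t.includes(reverse(MARKER).toLowerCase());
}

// Constructed sample of repository records (assumed shape: the fields the
// GitHub org repository listing returns). Not real repositories.
const SAMPLE_REPOS = [
  { full_name: 'acme/dashboard', private: true, description: 'internal BI app', created_at: '2024-03-01T10:00:00Z' },
  { full_name: 'acme/a1b2c3', private: false, description: reverse(MARKER), created_at: '2026-05-19T07:12:44Z' },
  { full_name: 'acme/docs', private: false, description: null, created_at: '2023-01-10T09:00:00Z' },
];

// Return the names of public repositories created on or after `sinceIso`
// whose name or description carries the marker. The creation-date filter
// keeps the sweep focused on the exposure window rather than the whole org.
function findSuspectRepos(repos, sinceIso) {
  const since = Date.parse(sinceIso);
  return repos
    .filter((r) => !r.private && Date.parse(r.created_at) >= since)
    .filter((r) => carriesMarker(r.description) || carriesMarker(r.full_name))
    .map((r) => r.full_name);
}

// Stand-alone usage: sweep the constructed sample from the start of May 2026.
console.log(findSuspectRepos(SAMPLE_REPOS, '2026-05-01T00:00:00Z'));
```

A hit here is a strong signal that the token used to create the repository was already stolen; treat the owning account's credentials as compromised and rotate them, then delete the repository after preserving its contents for the investigation.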
The propagation logic makes the incident more serious than a conventional package compromise. After stealing npm tokens, the malware checks whether those credentials are valid, enumerates packages maintained by the affected account, downloads package tarballs, injects malicious code, increments version numbers and republishes the altered packages using the compromised maintainer identity. That design allows the attack to move from one maintainer to another without relying on end-user interaction.
The AntV incident follows an expanding sequence of Mini Shai-Hulud activity across the JavaScript and Python ecosystems. Earlier waves affected packages connected to SAP-related development tooling, TanStack, Mistral AI, UiPath and other software projects. The campaign has evolved from isolated malicious publishes into attacks that exploit trusted publishing workflows and build systems, making ordinary package provenance checks less reliable.
Security teams are treating the AntV-linked wave as an active incident because package registries, mirrors and internal caches may continue to hold affected versions even after public takedowns. Organisations using the affected packages have been advised to audit dependency lockfiles, inspect builds that ran during the exposure window, remove compromised versions, and rotate credentials available to any system that installed them.
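The first of the recommended steps, auditing dependency lockfiles, is mechanical enough to script. The block below is an added example, not code from the article or from the AntV project, that flattens an npm `package-lock.json` (both the v2/v3 `packages` map and the older nested v1 `dependencies` tree) and raises findings on three tiers: an exact match against a list of compromised versions, a package from a watched namespace that declares an install script (the `hasInstallScript` flag npm records in v2/v3 lockfiles, which is how the preinstall hook described above surfaces in a lockfile), and any other watched package that should be checked against the advisory. The sample lockfile is constructed, and the entry in `KNOWN_BAD` is a placeholder: the article does not list the compromised version numbers, so a real run must load the published indicator list.

```javascript
// Added example (not from the article): audit an npm lockfile for packages in
// the affected namespaces and for packages that run install scripts.

// Constructed sample standing in for a real package-lock.json (v3 shape).
const SAMPLE_LOCKFILE = {
  name: 'dashboard',
  lockfileVersion: 3,
  packages: {
    '': { name: 'dashboard', dependencies: { '@antv/g2': '^5.0.0' } },
    'node_modules/@antv/g2': { version: '5.9.9', hasInstallScript: true },
    'node_modules/@antv/util': { version: '3.3.7' },
    'node_modules/echarts-for-react': { version: '3.0.5' },
    'node_modules/left-pad': { version: '1.3.0' },
  },
};

// Indicators from the advisory. The scope and package names are those the
// article lists; the KNOWN_BAD entry is a PLACEHOLDER, not a real compromised
// version, and must be replaced with the published indicator list.
const WATCHED_SCOPES = ['@antv'];
const WATCHED_PACKAGES = ['echarts-for-react', 'timeago.js', 'size-sensor', 'canvas-nest.js'];
const KNOWN_BAD = new Set(['@antv/g2@5.9.9']); // placeholder entry

// 'node_modules/a/node_modules/@s/b' -> '@s/b'
function packageName(lockPath) {
  const idx = lockPath.lastIndexOf('node_modules/');
  return lockPath.slice(idx + 'node_modules/'.length);
}

function isWatched(name) {
  return WATCHED_PACKAGES.includes(name) ||
    WATCHED_SCOPES.some((scope) => name.startsWith(scope + '/'));
}

// Flatten either lockfile format to [{ name, version, hasInstallScript }].
function listPackages(lock) {
  const out = [];
  if (lock.packages) {
    for (const [p, meta] of Object.entries(lock.packages)) {
      if (p === '') continue; // root project entry, not a dependency
      out.push({ name: packageName(p), version: meta.version, hasInstallScript: !!meta.hasInstallScript });
    }
    return out;
  }
  // v1 lockfiles nest transitive dependencies and carry no install-script flag.
  const walk = (deps) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      out.push({ name, version: meta.version, hasInstallScript: false });
      walk(meta.dependencies);
    }
  };
  walk(lock.dependencies);
  return out;
}

// Return findings ordered as encountered; severity drives the response.
function auditLockfile(lock) {
  const findings = [];
  for (const pkg of listPackages(lock)) {
    const id = `${pkg.name}@${pkg.version}`;
    if (KNOWN_BAD.has(id)) {
      findings.push({ id, severity: 'critical', reason: 'version is on the compromised list' });
    } else if (isWatched(pkg.name) && pkg.hasInstallScript) {
      findings.push({ id, severity: 'high', reason: 'watched package declares an install script' });
    } else if (isWatched(pkg.name)) {
      findings.push({ id, severity: 'review', reason: 'watched package present; verify version against advisory' });
    }
  }
  return findings;
}

// Stand-alone usage: audit the constructed sample. Reading a real lockfile is
// JSON.parse(require('fs').readFileSync('package-lock.json', 'utf8')).
console.log(auditLockfile(SAMPLE_LOCKFILE));
```

A `critical` finding means the build that installed that version must be treated as having exposed every credential present on the runner, which is the credential-rotation step in the guidance above. Until the audit is clean, installing with `npm ci --ignore-scripts` stops preinstall hooks from running at all, at the cost of breaking packages that genuinely need a build step, so it is a containment measure rather than a permanent fix.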
The greatest risk falls on CI/CD environments because they often hold tokens with access to source-code repositories, deployment pipelines, package registries and cloud infrastructure. A single malicious dependency install inside a build runner can expose credentials with permission to publish packages, alter repositories or deploy workloads.
The attack also highlights the growing weakness of implicit trust in open-source maintainers and automated release pipelines. Data visualisation libraries such as AntV are widely embedded in business intelligence tools, monitoring dashboards and customer-facing applications. Although the malicious code targets developers and infrastructure rather than ordinary website visitors, the downstream consequences can include source-code theft, poisoned builds and unauthorised access to cloud systems.