Mini Shai-Hulud npm Worm Hits 317 More Packages (May 19, 2026) | Let's Data Science
Source: Letsdatascience
Published:
<p>At some point on Tuesday morning, an npm account called atool published a new version of echarts-for-react , a React wrapper for Apache ECharts that pulls roughly 1.1 million weekly downloads . The version did not contain a charting fix. It contained a 498KB obfuscated Bun bundle whose first job