Mini Shai-Hulud Strikes Again: npm Worm Compromises Hundreds of @antv Packages
Source: Aikido.Dev
Published:
<p>The npm supply chain campaign we have been tracking since April has launched another wave, this time compromising major packages in Alibaba's @antv suite along with echarts-for-react and timeago.js . Our malware team detected a large cluster of compromised package versions across hundreds of npm