June 2, 2026
Microsoft reports an active npm supply-chain attack against the @antv package ecosystem, after a threat actor compromised an @antv maintainer account and published malicious versions of widely used data-visualization packages. The compromise spread through dependency chains into downstream projects such as echarts-for-react, extending the risk into CI/CD pipelines and cloud workloads. The malicious payload was an obfuscated JavaScript file that executed during npm install through a preinstall hook and was designed to run specifically in Linux-based GitHub Actions environments.
The malware, described as “Mini Shai Hulud,” targeted credentials across GitHub, AWS, HashiCorp Vault, npm, Kubernetes, and 1Password, and could scrape GitHub Actions runner memory to recover secrets that normal log masking would otherwise hide. It also attempted privilege escalation, dual-channel exfiltration, repository manipulation, and forged SLSA provenance attestations to make the malicious releases appear legitimate. GitHub responded by removing 640 malicious packages, invalidating more than 61,000 npm granular access tokens that were configured with write permissions and 2FA bypass, publishing advisories, and issuing Dependabot and npm audit alerts. Microsoft recommends reviewing dependency trees, identifying affected builds, pinning known-good versions, disabling install scripts where possible, rotating exposed credentials, and auditing GitHub accounts for suspicious public repositories.
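The first three of those recommendations (review the dependency tree, find builds that pulled the scoped packages, pin to known-good versions) and the install-script mitigation can be scripted against a lockfile. The Node script below is an added example written for this digest; it is not code from Microsoft, GitHub, or the @antv project. It walks a lockfileVersion 2/3 package-lock.json, reports every package under a given scope whose version is not on a reviewer-maintained allowlist, flags any package that npm has marked with hasInstallScript (the field npm writes when a package declares preinstall, install, or postinstall hooks), and emits an .npmrc fragment with ignore-scripts set. The lockfile, the version numbers, and the KNOWN_GOOD allowlist are constructed placeholders; real values must come from the advisory and from your own last-known-good lockfile.

```javascript
// Added example: audit a package-lock.json for a compromised npm scope.
// Not code from the Microsoft post or the @antv project.
// SAMPLE_LOCK is CONSTRUCTED test data; the version strings below are
// placeholders and do not correspond to real @antv releases.

const SAMPLE_LOCK = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { "echarts-for-react": "^3.0.0" } },
    "node_modules/echarts-for-react": {
      version: "3.0.2",                      // placeholder version
      resolved: "https://registry.npmjs.org/echarts-for-react/-/echarts-for-react-3.0.2.tgz",
      dependencies: { "@antv/g2": "^5.0.0" }
    },
    "node_modules/@antv/g2": {
      version: "5.9.9",                      // placeholder version
      resolved: "https://registry.npmjs.org/@antv/g2/-/g2-5.9.9.tgz",
      hasInstallScript: true                 // npm sets this when install hooks exist
    },
    "node_modules/@antv/util": {
      version: "3.3.0",                      // placeholder version
      resolved: "https://registry.npmjs.org/@antv/util/-/util-3.3.0.tgz"
    },
    "node_modules/lodash": {
      version: "4.17.21",
      resolved: "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz"
    }
  }
};

// Hypothetical allowlist of reviewed versions (assumption for the example).
const KNOWN_GOOD = { "@antv/g2": ["5.0.0"], "@antv/util": ["3.3.0"] };

// "node_modules/foo/node_modules/@antv/g2" -> "@antv/g2"; handles nesting.
function packageNameFromPath(lockPath) {
  const marker = "node_modules/";
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? lockPath : lockPath.slice(idx + marker.length);
}

// Return one finding per package that is either inside `scope` or declares an
// install script (any scope), since a preinstall hook was the trigger here.
// Each finding carries the reasons it was flagged; an empty list means the
// package is in scope but on the allowlist and has no install hooks.
function auditLockfile(lock, scope, knownGood) {
  if (!lock.packages || lock.lockfileVersion < 2) {
    throw new Error("expected lockfileVersion 2 or 3 with a 'packages' map");
  }
  const findings = [];
  for (const [lockPath, entry] of Object.entries(lock.packages)) {
    if (lockPath === "") continue;          // the root project itself
    const name = packageNameFromPath(lockPath);
    const inScope = name.startsWith(scope + "/");
    const reasons = [];
    if (inScope && !(knownGood[name] || []).includes(entry.version)) {
      reasons.push("version not on allowlist");
    }
    if (entry.hasInstallScript) reasons.push("declares install script");
    if (inScope || entry.hasInstallScript) {
      findings.push({ name, version: entry.version, path: lockPath, reasons });
    }
  }
  return findings;
}

// Produce .npmrc content with lifecycle scripts disabled at install time,
// replacing any existing ignore-scripts line. Packages that genuinely need a
// native build must then be rebuilt explicitly and deliberately.
function npmrcIgnoreScripts(existing = "") {
  const kept = existing
    .split("\n")
    .filter(l => l.trim() && !/^ignore-scripts\s*=/.test(l));
  kept.push("ignore-scripts=true");
  return kept.join("\n") + "\n";
}

for (const f of auditLockfile(SAMPLE_LOCK, "@antv", KNOWN_GOOD)) {
  console.log(`${f.name}@${f.version} (${f.path}): ${f.reasons.join(", ") || "ok"}`);
}
console.log(npmrcIgnoreScripts("registry=https://registry.npmjs.org/\n"));
```

Run it against a real lockfile by replacing SAMPLE_LOCK with `JSON.parse(fs.readFileSync("package-lock.json"))`; anything reported with "declares install script" is a package whose hooks will run under `npm install` unless ignore-scripts is set in .npmrc or `npm ci --ignore-scripts` is used. A build that resolved a non-allowlisted scoped version is a candidate for the credential rotation and repository audit the advisory recommends.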
Source: Microsoft Security Blog