Cybersecurity researchers have discovered a fresh software supply chain attack campaign that has compromised various npm packages associated with the @antv ecosystem as part of the ongoing Mini Shai-Hulud attack wave.
"The attack affects packages tied to the npm maintainer account atool, including echarts-for-react, a widely used React wrapper for Apache ECharts with roughly 1.1 million weekly
source https://thehackernews.com/2026/05/mini-shai-hulud-pushes-malicious-antv.html
source https://thehackernews.com/2026/05/mini-shai-hulud-pushes-malicious-antv.html
