320+ @antv NPM Packages Compromised in Mini Shai-Hulud Attack
- [01] Immediate impact: Malicious code in @antv packages exfiltrates sensitive environment variables and credentials from developers and CI/CD environments.
- [02] Affected systems: Over 320 packages within the @antv npm namespace published via a compromised maintainer account are affected.
- [03] Remediation: Organizations should audit package-lock files, rotate compromised credentials, and pin dependencies to verified clean versions.
Overview of the Mini Shai-Hulud Campaign
Security researchers have identified a fresh wave of supply chain attack activity targeting the NPM ecosystem, specifically focusing on the @antv namespace. This campaign, dubbed “Mini Shai-Hulud,” resulted in the compromise of over 320 individual packages used extensively for data visualization and enterprise UI development. According to SecurityWeek, the incident originated from a compromised maintainer account, which allowed attackers to publish malicious versions of legitimate libraries.
This incident highlights the persistent risk of account takeover in the JavaScript ecosystem. The @antv scope is a highly popular set of tools maintained by Ant Group (Alibaba), including libraries such as G2, G6, and X6. Because these packages are integrated into thousands of enterprise applications, the potential blast radius for data exfiltration is significant. To protect development environments, security teams must be able to detect the malicious Mini Shai-Hulud packages in their automated build pipelines and on developer workstations.
Technical Analysis: The TTPs of the Compromise
The TTPs employed in this campaign mirror previous Shai-Hulud iterations but focus on a specific, high-value namespace rather than broad typosquatting. The attackers leveraged a compromised maintainer account to bypass the usual friction of gaining trust in the ecosystem. Once the account was accessed, the attackers automated the publication of new versions for hundreds of packages simultaneously.
The malicious payload typically functions as a data stealer. Upon installation, the code executes a post-install script or an obfuscated function that scans the environment for sensitive information. This often includes:
- Environment variables (e.g., AWS_ACCESS_KEY_ID, GITHUB_TOKEN).
- Local .env files containing database credentials.
- System metadata and user information.
Once collected, this data is sent back to an attacker-controlled C2 server. Because the malicious code is embedded within a trusted, signed package from a legitimate namespace, many traditional EDR tools and SIEM platforms may not immediately flag the outbound traffic as suspicious. This makes the identification of a specific IoC related to the campaign’s network activity essential for the SOC.
Impact on CI/CD Pipelines
In many modern development workflows, the build process automatically pulls the latest minor or patch versions of dependencies. If an organization’s configuration used carets or tildes for the @antv scope, its CI/CD pipelines would have automatically ingested the malicious updates. This could lead to a scenario where production build environments are compromised, potentially allowing for lateral movement within the cloud infrastructure if the exfiltrated keys have high permissions.
Remediation: Mini Shai-Hulud NPM Supply Chain Attack Mitigation
Responding to this threat requires a multi-layered approach to verify the integrity of the local dependency tree. Organizations using any libraries from the @antv scope should take the following mitigation steps immediately:
- Dependency Auditing: Inspect package-lock.json or yarn.lock files for specific versions of @antv packages published during the window of compromise. Cross-reference these with known clean versions listed on the official NPM registry.
- Credential Rotation: Treat any secrets stored in environment variables on developer machines or CI/CD runners as compromised. Rotate AWS keys, GitHub tokens, and database passwords that were active during the installation of the affected packages.
- Strict Version Pinning: Move away from dynamic version ranges and adopt strict version pinning. Implement a Zero Trust approach to third-party code by requiring manual approval for dependency updates.
- Namespace Verification: Use tools that can verify the integrity of the @antv namespace and alert on sudden mass-updates from a single maintainer, which is often a signal of account compromise.
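The dependency-auditing and version-pinning steps above can be scripted. The following is an added example, not code from the article or from the @antv project: it walks the "packages" map of an npm v2/v3 lockfile and the manifest's dependency fields. The function names, the sample data, the version numbers and the allowlist are all constructed for illustration and are not indicators from the campaign.

```javascript
// Added example: audit the @antv scope in npm manifest and lockfile data.
// All versions and the allowlist below are constructed, not real IoCs.
const SCOPE = "@antv/";

const samplePackageJson = {
  dependencies: { "@antv/g2": "^5.0.0", "@antv/g6": "5.0.1", lodash: "^4.17.21" },
};
const sampleLock = {
  packages: {
    "": { name: "demo-app" },
    "node_modules/@antv/g2": { version: "5.0.9", hasInstallScript: true },
    "node_modules/@antv/g6": { version: "5.0.1" },
    "node_modules/@antv/g6/node_modules/@antv/x6": { version: "2.0.3" },
    "node_modules/lodash": { version: "4.17.21" },
  },
};
// Hypothetical allowlist: versions your team has verified as clean.
const verifiedClean = { "@antv/g2": ["5.0.0"], "@antv/g6": ["5.0.1"] };

// Every installed copy of a scoped package, including nested transitive copies.
function installedScoped(lock, scope = SCOPE) {
  const marker = "node_modules/";
  const found = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf(marker);
    if (idx === -1) continue; // root project or workspace entry
    const name = path.slice(idx + marker.length);
    if (!name.startsWith(scope)) continue;
    // hasInstallScript marks packages with preinstall/install/postinstall hooks.
    found.push({ name, version: meta.version, path, installScript: meta.hasInstallScript === true });
  }
  return found;
}

// Installed versions absent from the allowlist: candidates for manual review.
function unverified(lock, allow, scope = SCOPE) {
  return installedScoped(lock, scope).filter((p) => !(allow[p.name] || []).includes(p.version));
}

// Direct dependencies in the scope declared with anything but an exact version.
function floatingRanges(pkg, scope = SCOPE) {
  const exact = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;
  return ["dependencies", "devDependencies", "optionalDependencies"].flatMap((field) =>
    Object.entries(pkg[field] || {})
      .filter(([name, spec]) => name.startsWith(scope) && !exact.test(spec))
      .map(([name, spec]) => ({ name, spec, field })));
}

console.log("unverified:", unverified(sampleLock, verifiedClean));
console.log("floating ranges:", floatingRanges(samplePackageJson));
```

To audit a real project, pass the parsed contents of package.json and package-lock.json in place of the sample objects and fill the allowlist from versions you have verified yourself.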
By following these steps, organizations can reduce the risk of further data exfiltration and harden their supply chain against future maintainer-based attacks.