A major software supply chain attack has compromised hundreds of widely used npm packages tied to the AntV ecosystem, exposing developers and organizations to credential theft, malware delivery, and potentially broader infrastructure compromise.

Security researchers at Socket.dev and Snyk say the incident is linked to the ongoing “Mini Shai-Hulud” malware campaign, a rapidly evolving threat operation targeting the JavaScript ecosystem through hijacked maintainer accounts and poisoned package updates.

Hundreds of Packages Affected

According to researchers, attackers compromised the npm maintainer account “atool” and used it to publish malicious versions across more than 300 packages i...