About:
Mini Shai-Hulud is an active npm supply chain attack that compromised more than 300 packages in the AntV ecosystem by hijacking a maintainer account and publishing hundreds of malicious package versions. The campaign uses obfuscated preinstall scripts to steal credentials from developer machines, CI/CD pipelines and cloud environments, and can reuse the stolen access to compromise further packages. Immediate removal of affected package versions, credential rotation and environment audits are critical to contain the risk.
RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats we classify as the highest severity level and warrant out-of-band emergency patching or mitigation action.
PoC or Exploitation:
Active malicious package publication and supply chain compromise are confirmed. The campaign has been linked to earlier Mini Shai-Hulud activity observed against TanStack packages, SAP-related packages, Mistral AI integrations, and other ecosystems.
Update / Patch:
Security researchers identified 637 malicious versions across 323 npm packages after compromise of the npm maintainer account "atool".
The malicious publication activity occurred in two automated waves on May 19, 2026 between 01:39 UTC and 02:06 UTC, with exposure risk extending until approximately 02:18 UTC.
Impacted package families include:
Description:
Mini Shai-Hulud is an active npm supply chain malware campaign that expanded into Alibaba's AntV visualization ecosystem and associated JavaScript libraries. The attack abuses compromised maintainer accounts to rapidly publish trojanized package versions that execute malicious code during dependency installation.
The malicious package versions changed installation behavior by adding install-phase lifecycle hooks, which npm runs automatically during dependency installation, before any application code ever imports the package, including:
"preinstall": "bun run index.js"
Payloads were heavily obfuscated and designed to evade static inspection using runtime decoding, lookup tables, and custom decryption routines. Once executed, the malware attempted large-scale credential harvesting from developer workstations and CI/CD environments.
Observed targets include:
Researchers additionally observed self-propagation capability where stolen credentials could be reused to compromise additional repositories and publish further malicious package versions.
The campaign also demonstrated GitHub abuse behavior where stolen credentials were leveraged to create rogue repositories and exfiltrate harvested data. Public reporting identified more than 2,700 Dune-themed repositories associated with broader Mini Shai-Hulud activity.
Mitigation Recommendation:
Immediately identify and remove compromised AntV and associated npm package versions from development environments, CI/CD runners and build caches. Removal alone does not undo the damage: any host on which a trojanized version was installed already ran its preinstall script, so treat that host's credentials as exposed.
Rotate all credentials that may have been accessible to affected build systems including: