§ safety · storyline

Threat actors publish 600+ malicious npm packages in Shai-Hulud

Threat actors published over 600 malicious npm packages in the Shai-Hulud supply chain campaign, targeting primarily the @antv ecosystem.

today · 00:20:00 · primary fetch1 sourceupdated today · 00:20:00

Bill Toulas / BleepingComputer: Threat actors published 600+ malicious versions to npm as part of the Shai-Hulud supply chain campaign; most of the affected packages are in the @antv ecosystem — Threat actors earlier today published more than 600 malicious packages to the Node Package Manager (npm) index as part of a new Shai-Hulud supply-chain campaign.

read full article on techmeme.com ↗

§ sources1 publication · timeline below

techmeme.comThreat actors published 600+ malicious versions to npm as part of the Shai-Hulud supply chain campaign; most of the affected packages are in the @antv ecosystem (Bill Toulas/BleepingComputer)primary00:20:00