314 npm packages just got compromised, 271 @antv, echarts-for-react, size-sensor, timeago.js (safedep.io)

vnzn@mas.to

314 npm packages just got compromised, 271 @antv, echarts-for-react, size-sensor, timeago.js (safedep.io)

Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised

A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.

SafeDep - Real-time Open Source Software Supply Chain Security (safedep.io)

#npm #supplychain #attack #security