<![CDATA[314 npm packages just got compromised, 271 @antv, echarts-for-react, size-sensor, timeago.js (safedep.io)]]>314 npm packages just got compromised, 271 @antv, echarts-for-react, size-sensor, timeago.js (safedep.io)

Link Preview Image
Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised

A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.

favicon

SafeDep - Real-time Open Source Software Supply Chain Security (safedep.io)

]]>https://board.circlewithadot.net/topic/caf022db-18e2-4e6e-94e3-3e6f2d6ee292/314-npm-packages-just-got-compromised-271-@antv-echarts-for-react-size-sensor-timeago.js-safedep.ioRSS for NodeSat, 13 Jun 2026 08:22:30 GMTTue, 19 May 2026 19:37:12 GMT60