{"data":{"id":"b43d3515-9161-4390-b2a3-a008dec1b054","title":"AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks","summary":"The npm (node package manager, a repository for reusable code libraries) registry was attacked on May 19 when hackers compromised a maintainer account and published 637 malicious versions of 317 packages, including the popular AntV data visualization tool used by Alibaba. The malware, called Mini-Shai-Hulud worm, steals credentials like npm tokens, GitHub tokens, and passwords from cloud platforms and wallets. After detection, AntV's maintainers deleted the infected packages and marked remaining ones as deprecated, advising users to download only the latest verified versions.","solution":"According to AntV's GitHub warning, the infected packages have been deleted and remaining ones marked as deprecated. Users should identify and download the latest versions from a list of compromised packages. Beyond this, experts recommend developers look for signs of compromise in CI/CD (continuous integration/continuous deployment, automated systems that build and deploy code) environments and repositories, and rotate all credentials.","labels":["security"],"sourceUrl":"https://www.csoonline.com/article/4173291/antv-data-visualization-tool-the-latest-to-be-hit-by-ongoing-npm-supply-chain-attacks-2.html","publishedAt":"2026-05-19T19:19:05.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["supply_chain"],"issueType":"news","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["AntV","Alibaba","Claude","Anthropic"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-05-19T19:19:05.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}