npm Under Siege: AntV Data Visualization Hijacked in Record-Breaking 22-Minute Supply Chain Attack
Breaking: AntV Data Visualization Hijacked in npm Supply Chain Attack
The npm registry has been hit by its fastest and broadest supply chain attack yet, compromising Alibaba's widely used AntV data visualization tools on May 19. Attackers published over 637 malicious package versions across 317 npm packages in just 22 minutes, seizing control of a major enterprise tool with millions of monthly downloads.

Key Details
The breach began after attackers compromised the npm account “atool” (i@hust.cc), maintainer of the timeago.js library and several Alibaba-associated packages. According to cybersecurity firm SafeDep, this account had high-level permissions to publish updates for popular tools including size-sensor (4.2M monthly downloads), echarts-for-react (3.8M), @antv/scale (2.2M), and timeago.js (1.15M).
“The attacker leveraged a single privileged account to rapidly deploy malware across hundreds of packages, making this one of the fastest supply chain attacks we’ve seen,” said a SafeDep analyst in a statement.
The malicious packages installed the Mini-Shai-Hulud worm, designed to steal npm tokens, GitHub credentials, and sensitive data from cloud platforms (AWS, GCP, Azure), Kubernetes, Docker, HashiCorp vaults, password managers, SSH keys, and Bitcoin wallets.
Background
This attack is the third major npm supply chain wave in 2025, each faster and more extensive than the last. Aikido Security tracked the progression: “It went from a handful of SAP packages in April, to 169 packages in the TanStack wave, to a much larger set of packages now. Each wave has been faster and broader than the last.”
The previous TanStack attack exploited a complex GitHub Actions cache poisoning flaw, whereas this incident used a simpler approach — credential theft from an npm maintainer account. The scale and speed of this attack, however, far surpass previous incidents, affecting the entire AntV namespace, a platform used for dashboards, UI components, and interactive applications across Asia, Europe, and the US.
What This Means
For organizations using AntV or any of the compromised packages — including size-sensor, echarts-for-react, @antv/scale, or timeago.js — immediate action is critical. The worm is also capable of persistence via a Python backdoor at ~/.local/share/kitty/cat.py, although security firm Wiz noted this function is not yet active. Additionally, the malware attempts to modify Claude Code’s settings.json to stealthily reinstall itself with full LLM privileges even after infected npm packages are removed.

“The attackers are building a worm that can survive cleanup and maintain access through AI-assisted toolchains,” warned a Wiz researcher. “This is a new level of sophistication in npm attacks.”
The stolen data is being exfiltrated to public GitHub repositories labeled with Dune-themed names. Over 2,500 such repositories appeared within hours of the attack, each description containing the reversed string “niagA oG eW ereH :duluH-iahS” (“Shai-Hulud: Here We Go Again” backwards). The attackers, calling themselves TeamPCP, appear to be using these repos as data drops.
Immediate Actions for Developers
- Audit all npm packages in your project against SafeDep’s list of 317 compromised packages.
- Rotate all npm and GitHub tokens immediately if your CI/CD used any of the affected packages.
- Check for new Dune-themed public repositories under your organization’s GitHub account.
- Consider enabling npm package signing and requiring MFA for all maintainer accounts.
AntV maintainers have issued a warning on GitHub urging developers to review their dependencies. Meanwhile, npm has not yet released a comprehensive response plan for this incident.
Looking Forward
This attack underscores the vulnerability of open-source supply chains and the escalating speed of malware campaigns. As Aikido Security noted, the trend is clear: each wave is faster, broader, and more damaging. Without fundamental changes to package registry security and maintainer account protections, similar incidents are likely to continue.
For a deeper dive into protecting against npm supply chain attacks, see our security guide.
This is a breaking news story. Information may change as more details emerge.