[{"ecosystem":"npm","name":"forge-jsxy","href":"/ti/packages/npm/forge-jsxy","description":"forge-jsxy is the Wave 2 successor to forge-jsx, published after npm took down the original. It poses as an Autodesk Forge SDK and deploys a full-featured cross-platform RAT with keylogging, .env scanning, shell history exfiltration, Chromium extension LevelDB harvesting across 21+ browsers, cryptocurrency wallet scanning (BIP39/Solana/secp256k1), Discord screenshot exfiltration via bot webhooks, Hugging Face Hub data uploads, WebRTC P2P channels, durable persistence outside node_modules, and relay-pushed auto-upgrades. C2 at 204.10.194.247.","threat_types":["rat","credential_stealer","data_exfiltration","persistence","c2_agent","crypto_drainer"],"versions":["1.0.66","1.0.67","1.0.68","1.0.69","1.0.70","1.0.71","1.0.72","1.0.73","1.0.74","1.0.75","1.0.76","1.0.77","1.0.78","1.0.79","1.0.80","1.0.81","1.0.82","1.0.83","1.0.84","1.0.85","1.0.86","1.0.91"],"campaigns":["forge-jsx RAT"],"discovered_at":"2026-05-26"},{"ecosystem":"npm","name":"polymarket-trading-cli","href":"/ti/packages/npm/polymarket-trading-cli","description":"polymarket-trading-cli is identified in the SafeDep analysis \"Polymarket npm Packages Steal Crypto Wallet Keys\". Nine coordinated npm packages target Polymarket traders with a social-engineered postinstall prompt that exfiltrates raw private keys to a Cloudflare Worker. The attacker published all packages within 30 seconds from a throwaway account.","threat_types":["crypto_drainer","credential_stealer","data_exfiltration"],"versions":["0.1.0","0.1.1"],"campaigns":["Crypto Wallet Drainers"],"discovered_at":"2026-05-21"},{"ecosystem":"npm","name":"polymarket-terminal","href":"/ti/packages/npm/polymarket-terminal","description":"polymarket-terminal is identified in the SafeDep analysis \"Polymarket npm Packages Steal Crypto Wallet Keys\". Nine coordinated npm packages target Polymarket traders with a social-engineered postinstall prompt that exfiltrates raw private keys to a Cloudflare Worker. The attacker published all packages within 30 seconds from a throwaway account.","threat_types":["crypto_drainer","credential_stealer","data_exfiltration"],"versions":["0.1.0","0.1.1"],"campaigns":["Crypto Wallet Drainers"],"discovered_at":"2026-05-21"},{"ecosystem":"npm","name":"polymarket-trade","href":"/ti/packages/npm/polymarket-trade","description":"polymarket-trade is identified in the SafeDep analysis \"Polymarket npm Packages Steal Crypto Wallet Keys\". Nine coordinated npm packages target Polymarket traders with a social-engineered postinstall prompt that exfiltrates raw private keys to a Cloudflare Worker. The attacker published all packages within 30 seconds from a throwaway account.","threat_types":["crypto_drainer","credential_stealer","data_exfiltration"],"versions":["0.1.0","0.1.1"],"campaigns":["Crypto Wallet Drainers"],"discovered_at":"2026-05-21"},{"ecosystem":"npm","name":"polymarket-auto-trade","href":"/ti/packages/npm/polymarket-auto-trade","description":"polymarket-auto-trade is identified in the SafeDep analysis \"Polymarket npm Packages Steal Crypto Wallet Keys\". Nine coordinated npm packages target Polymarket traders with a social-engineered postinstall prompt that exfiltrates raw private keys to a Cloudflare Worker. The attacker published all packages within 30 seconds from a throwaway account.","threat_types":["crypto_drainer","credential_stealer","data_exfiltration"],"versions":["0.1.0","0.1.1"],"campaigns":["Crypto Wallet Drainers"],"discovered_at":"2026-05-21"},{"ecosystem":"npm","name":"polymarket-copy-trading","href":"/ti/packages/npm/polymarket-copy-trading","description":"polymarket-copy-trading is identified in the SafeDep analysis \"Polymarket npm Packages Steal Crypto Wallet Keys\". Nine coordinated npm packages target Polymarket traders with a social-engineered postinstall prompt that exfiltrates raw private keys to a Cloudflare Worker. The attacker published all packages within 30 seconds from a throwaway account.","threat_types":["crypto_drainer","credential_stealer","data_exfiltration"],"versions":["0.1.0","0.1.1"],"campaigns":["Crypto Wallet Drainers"],"discovered_at":"2026-05-21"},{"ecosystem":"npm","name":"polymarket-bot","href":"/ti/packages/npm/polymarket-bot","description":"polymarket-bot is identified in the SafeDep analysis \"Polymarket npm Packages Steal Crypto Wallet Keys\". Nine coordinated npm packages target Polymarket traders with a social-engineered postinstall prompt that exfiltrates raw private keys to a Cloudflare Worker. The attacker published all packages within 30 seconds from a throwaway account.","threat_types":["crypto_drainer","credential_stealer","data_exfiltration"],"versions":["0.1.0","0.1.1"],"campaigns":["Crypto Wallet Drainers"],"discovered_at":"2026-05-21"},{"ecosystem":"npm","name":"polymarket-claude-code","href":"/ti/packages/npm/polymarket-claude-code","description":"polymarket-claude-code is identified in the SafeDep analysis \"Polymarket npm Packages Steal Crypto Wallet Keys\". Nine coordinated npm packages target Polymarket traders with a social-engineered postinstall prompt that exfiltrates raw private keys to a Cloudflare Worker. The attacker published all packages within 30 seconds from a throwaway account.","threat_types":["crypto_drainer","credential_stealer","data_exfiltration"],"versions":["0.1.0","0.1.1"],"campaigns":["Crypto Wallet Drainers"],"discovered_at":"2026-05-21"},{"ecosystem":"npm","name":"polymarket-ai-agent","href":"/ti/packages/npm/polymarket-ai-agent","description":"polymarket-ai-agent is identified in the SafeDep analysis \"Polymarket npm Packages Steal Crypto Wallet Keys\". Nine coordinated npm packages target Polymarket traders with a social-engineered postinstall prompt that exfiltrates raw private keys to a Cloudflare Worker. The attacker published all packages within 30 seconds from a throwaway account.","threat_types":["crypto_drainer","credential_stealer","data_exfiltration"],"versions":["0.1.0","0.1.1"],"campaigns":["Crypto Wallet Drainers"],"discovered_at":"2026-05-21"},{"ecosystem":"npm","name":"polymarket-trader","href":"/ti/packages/npm/polymarket-trader","description":"polymarket-trader is identified in the SafeDep analysis \"Polymarket npm Packages Steal Crypto Wallet Keys\". Nine coordinated npm packages target Polymarket traders with a social-engineered postinstall prompt that exfiltrates raw private keys to a Cloudflare Worker. The attacker published all packages within 30 seconds from a throwaway account.","threat_types":["crypto_drainer","credential_stealer","data_exfiltration"],"versions":["0.1.0","0.1.1"],"campaigns":["Crypto Wallet Drainers"],"discovered_at":"2026-05-21"},{"ecosystem":"npm","name":"art-template","href":"/ti/packages/npm/art-template","description":"art-template is identified in the SafeDep analysis \"art-template npm Hijack Delivers iOS Browser Exploit Kit\". art-template versions 4.13.3 through 4.13.6 were compromised via maintainer account takeover. The browser bundle injects scripts that deliver a full iOS exploit kit: WebAssembly type confusion, JIT heap spray, ASLR bypass via dyld cache parsing, and 31KB of ARM64 shellcode targeting iPhone and iPad.","threat_types":["other"],"versions":["4.13.3"],"campaigns":["No Specific Campaign"],"discovered_at":"2026-05-20"},{"ecosystem":"pypi","name":"durabletask","href":"/ti/packages/pypi/durabletask","description":"durabletask is identified in the SafeDep analysis \"Malicious durabletask on PyPI: Multi-Cloud Credential Stealer with Worm Capabilities\". Three compromised versions of the Microsoft durabletask Python SDK (1.4.1, 1.4.2, 1.4.3) were published to PyPI, each downloading a stage-2 payload that steals credentials from AWS, Azure, GCP, Kubernetes, HashiCorp Vault, and password managers, then propagates to other hosts via SSM and kubectl exec.","threat_types":["credential_stealer","data_exfiltration","worm"],"versions":["0.1.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-20"},{"ecosystem":"npm","name":"ai-figure","href":"/ti/packages/npm/ai-figure","description":"ai-figure is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["0.5.0","0.6.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"amapcn","href":"/ti/packages/npm/amapcn","description":"amapcn is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["0.2.2","0.3.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/a8","href":"/ti/packages/npm/@antv/a8","description":"@antv/a8 is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.1.1","0.2.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/adjust","href":"/ti/packages/npm/@antv/adjust","description":"@antv/adjust is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.3.5","0.4.5"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/algorithm","href":"/ti/packages/npm/@antv/algorithm","description":"@antv/algorithm is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.2.26","0.3.26"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/async-hook","href":"/ti/packages/npm/@antv/async-hook","description":"@antv/async-hook is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.3.9","2.4.9"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/attr","href":"/ti/packages/npm/@antv/attr","description":"@antv/attr is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.4.5","0.5.5"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/ava","href":"/ti/packages/npm/@antv/ava","description":"@antv/ava is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["3.5.1","3.6.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/ava-react","href":"/ti/packages/npm/@antv/ava-react","description":"@antv/ava-react is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["3.4.2","3.5.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/awards","href":"/ti/packages/npm/@antv/awards","description":"@antv/awards is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.1.9","0.2.9"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/calendar-heatmap","href":"/ti/packages/npm/@antv/calendar-heatmap","description":"@antv/calendar-heatmap is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.2.2","1.3.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/chart-linter","href":"/ti/packages/npm/@antv/chart-linter","description":"@antv/chart-linter is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.2.6","1.3.6"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/chart-node-g6","href":"/ti/packages/npm/@antv/chart-node-g6","description":"@antv/chart-node-g6 is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.1.4","0.2.4"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/chart-visualization-skills","href":"/ti/packages/npm/@antv/chart-visualization-skills","description":"@antv/chart-visualization-skills is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.2.3","0.3.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/ckb","href":"/ti/packages/npm/@antv/ckb","description":"@antv/ckb is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.1.4","2.2.4"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/color-schema","href":"/ti/packages/npm/@antv/color-schema","description":"@antv/color-schema is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.3.3","0.4.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/color-util","href":"/ti/packages/npm/@antv/color-util","description":"@antv/color-util is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.1.6","2.2.6"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/component","href":"/ti/packages/npm/@antv/component","description":"@antv/component is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.11","2.3.11"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/coord","href":"/ti/packages/npm/@antv/coord","description":"@antv/coord is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.5.7","0.6.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/d3-color","href":"/ti/packages/npm/@antv/d3-color","description":"@antv/d3-color is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.0","1.2.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/d3-interpolate","href":"/ti/packages/npm/@antv/d3-interpolate","description":"@antv/d3-interpolate is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.3","1.2.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/data-samples","href":"/ti/packages/npm/@antv/data-samples","description":"@antv/data-samples is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.1","1.2.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/data-set","href":"/ti/packages/npm/@antv/data-set","description":"@antv/data-set is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.12.8","0.13.8"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/data-wizard","href":"/ti/packages/npm/@antv/data-wizard","description":"@antv/data-wizard is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.1.4","2.2.4"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/dipper-component","href":"/ti/packages/npm/@antv/dipper-component","description":"@antv/dipper-component is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.1.4","0.2.4"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/dipper-hooks","href":"/ti/packages/npm/@antv/dipper-hooks","description":"@antv/dipper-hooks is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.3.1","0.4.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/dipper-map","href":"/ti/packages/npm/@antv/dipper-map","description":"@antv/dipper-map is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.10","1.2.10"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/dom-util","href":"/ti/packages/npm/@antv/dom-util","description":"@antv/dom-util is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.1.4","2.2.4"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/dumi-theme-antv","href":"/ti/packages/npm/@antv/dumi-theme-antv","description":"@antv/dumi-theme-antv is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.10.4","0.9.4"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/dw-analyzer","href":"/ti/packages/npm/@antv/dw-analyzer","description":"@antv/dw-analyzer is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.2.5","1.3.5"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/dw-random","href":"/ti/packages/npm/@antv/dw-random","description":"@antv/dw-random is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.2.7","1.3.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/dw-transform","href":"/ti/packages/npm/@antv/dw-transform","description":"@antv/dw-transform is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.2.7","1.3.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/dw-util","href":"/ti/packages/npm/@antv/dw-util","description":"@antv/dw-util is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.2.4","1.3.4"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/event-emitter","href":"/ti/packages/npm/@antv/event-emitter","description":"@antv/event-emitter is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.2.3","0.3.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/expr","href":"/ti/packages/npm/@antv/expr","description":"@antv/expr is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.2","1.2.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f2","href":"/ti/packages/npm/@antv/f2","description":"@antv/f2 is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["5.15.0","5.16.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f2-algorithm","href":"/ti/packages/npm/@antv/f2-algorithm","description":"@antv/f2-algorithm is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["5.8.0","5.9.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f2-canvas","href":"/ti/packages/npm/@antv/f2-canvas","description":"@antv/f2-canvas is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.5","1.2.5"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f2-context","href":"/ti/packages/npm/@antv/f2-context","description":"@antv/f2-context is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.1.1","0.2.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f2-graphic","href":"/ti/packages/npm/@antv/f2-graphic","description":"@antv/f2-graphic is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.1.16","0.2.16"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f2-my","href":"/ti/packages/npm/@antv/f2-my","description":"@antv/f2-my is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["4.1.52","4.2.52"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f2-react","href":"/ti/packages/npm/@antv/f2-react","description":"@antv/f2-react is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["5.15.0","5.16.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f2-site","href":"/ti/packages/npm/@antv/f2-site","description":"@antv/f2-site is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["4.1.42","4.2.42"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f2-vue","href":"/ti/packages/npm/@antv/f2-vue","description":"@antv/f2-vue is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["4.1.33","4.2.33"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f2-wordcloud","href":"/ti/packages/npm/@antv/f2-wordcloud","description":"@antv/f2-wordcloud is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["5.15.0","5.16.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f2-wx","href":"/ti/packages/npm/@antv/f2-wx","description":"@antv/f2-wx is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["4.1.51","4.2.51"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f6","href":"/ti/packages/npm/@antv/f6","description":"@antv/f6 is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.1.19","0.2.19"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f6-alipay","href":"/ti/packages/npm/@antv/f6-alipay","description":"@antv/f6-alipay is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.1.7","0.2.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f6-core","href":"/ti/packages/npm/@antv/f6-core","description":"@antv/f6-core is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.1.2","0.2.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f6-element","href":"/ti/packages/npm/@antv/f6-element","description":"@antv/f6-element is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.1.1","0.2.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f6-hammerjs","href":"/ti/packages/npm/@antv/f6-hammerjs","description":"@antv/f6-hammerjs is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.1.2","0.2.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f6-plugin","href":"/ti/packages/npm/@antv/f6-plugin","description":"@antv/f6-plugin is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.6","1.2.6"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f6-ui","href":"/ti/packages/npm/@antv/f6-ui","description":"@antv/f6-ui is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.3","1.2.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f6-wx","href":"/ti/packages/npm/@antv/f6-wx","description":"@antv/f6-wx is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.1.7","0.2.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f-charts","href":"/ti/packages/npm/@antv/f-charts","description":"@antv/f-charts is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.1.0","0.2.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f-engine","href":"/ti/packages/npm/@antv/f-engine","description":"@antv/f-engine is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.11.0","1.12.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f-lottie","href":"/ti/packages/npm/@antv/f-lottie","description":"@antv/f-lottie is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.11.0","1.12.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f-my","href":"/ti/packages/npm/@antv/f-my","description":"@antv/f-my is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.11.0","1.12.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f-react","href":"/ti/packages/npm/@antv/f-react","description":"@antv/f-react is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.11.0","1.12.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f-test-utils","href":"/ti/packages/npm/@antv/f-test-utils","description":"@antv/f-test-utils is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.9","1.2.9"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f-vue","href":"/ti/packages/npm/@antv/f-vue","description":"@antv/f-vue is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.11.0","1.12.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f-wx","href":"/ti/packages/npm/@antv/f-wx","description":"@antv/f-wx is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.11.0","1.12.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g2","href":"/ti/packages/npm/@antv/g2","description":"@antv/g2 is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["5.5.8","5.6.8"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g2-brush","href":"/ti/packages/npm/@antv/g2-brush","description":"@antv/g2-brush is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.1.2","0.2.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g2-extension-3d","href":"/ti/packages/npm/@antv/g2-extension-3d","description":"@antv/g2-extension-3d is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.3.0","0.4.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g2-extension-ava","href":"/ti/packages/npm/@antv/g2-extension-ava","description":"@antv/g2-extension-ava is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.3.0","0.4.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g2-extension-plot","href":"/ti/packages/npm/@antv/g2-extension-plot","description":"@antv/g2-extension-plot is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.3.2","0.4.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g2plot","href":"/ti/packages/npm/@antv/g2plot","description":"@antv/g2plot is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.5.35","2.6.35"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g2plot-schemas","href":"/ti/packages/npm/@antv/g2plot-schemas","description":"@antv/g2plot-schemas is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.3.2","1.4.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g2-plugin-slider","href":"/ti/packages/npm/@antv/g2-plugin-slider","description":"@antv/g2-plugin-slider is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.1","2.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g2-ssr","href":"/ti/packages/npm/@antv/g2-ssr","description":"@antv/g2-ssr is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.3.0","0.4.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g","href":"/ti/packages/npm/@antv/g","description":"@antv/g is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["6.4.1","6.5.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g6","href":"/ti/packages/npm/@antv/g6","description":"@antv/g6 is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["5.2.1","5.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g6-alipay","href":"/ti/packages/npm/@antv/g6-alipay","description":"@antv/g6-alipay is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.1.1","0.2.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g6-cli","href":"/ti/packages/npm/@antv/g6-cli","description":"@antv/g6-cli is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.1.4","0.2.4"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g6-core","href":"/ti/packages/npm/@antv/g6-core","description":"@antv/g6-core is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.10.24","0.9.24"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g6-editor","href":"/ti/packages/npm/@antv/g6-editor","description":"@antv/g6-editor is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.3.0","1.4.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g6-element","href":"/ti/packages/npm/@antv/g6-element","description":"@antv/g6-element is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.10.25","0.9.25"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g6-extension-3d","href":"/ti/packages/npm/@antv/g6-extension-3d","description":"@antv/g6-extension-3d is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.2.23","0.3.23"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g6-extension-react","href":"/ti/packages/npm/@antv/g6-extension-react","description":"@antv/g6-extension-react is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.3.7","0.4.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g6-mobile","href":"/ti/packages/npm/@antv/g6-mobile","description":"@antv/g6-mobile is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.2.2","0.3.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g6-pc","href":"/ti/packages/npm/@antv/g6-pc","description":"@antv/g6-pc is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.10.25","0.9.25"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g6-plugin","href":"/ti/packages/npm/@antv/g6-plugin","description":"@antv/g6-plugin is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.10.25","0.9.25"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g6-plugin-map-view","href":"/ti/packages/npm/@antv/g6-plugin-map-view","description":"@antv/g6-plugin-map-view is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.1.4","0.2.4"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g6-plugins","href":"/ti/packages/npm/@antv/g6-plugins","description":"@antv/g6-plugins is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.9","1.2.9"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g6-react-node","href":"/ti/packages/npm/@antv/g6-react-node","description":"@antv/g6-react-node is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.5.8","1.6.8"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g6-ssr","href":"/ti/packages/npm/@antv/g6-ssr","description":"@antv/g6-ssr is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.2.1","0.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g6-wx","href":"/ti/packages/npm/@antv/g6-wx","description":"@antv/g6-wx is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.1.1","0.2.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/gatsby-theme","href":"/ti/packages/npm/@antv/gatsby-theme","description":"@antv/gatsby-theme is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.2.0","0.3.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-base","href":"/ti/packages/npm/@antv/g-base","description":"@antv/g-base is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.6.16","0.7.16"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-camera-api","href":"/ti/packages/npm/@antv/g-camera-api","description":"@antv/g-camera-api is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.1.45","2.2.45"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-canvas","href":"/ti/packages/npm/@antv/g-canvas","description":"@antv/g-canvas is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.3.0","2.4.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-canvaskit","href":"/ti/packages/npm/@antv/g-canvaskit","description":"@antv/g-canvaskit is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.2.1","1.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-compat","href":"/ti/packages/npm/@antv/g-compat","description":"@antv/g-compat is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.11","1.2.11"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-components","href":"/ti/packages/npm/@antv/g-components","description":"@antv/g-components is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.1.42","2.2.42"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-css-layout-api","href":"/ti/packages/npm/@antv/g-css-layout-api","description":"@antv/g-css-layout-api is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.38","1.2.38"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-css-typed-om-api","href":"/ti/packages/npm/@antv/g-css-typed-om-api","description":"@antv/g-css-typed-om-api is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.38","1.2.38"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-device-api","href":"/ti/packages/npm/@antv/g-device-api","description":"@antv/g-device-api is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.7.13","1.8.13"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-dom-mutation-observer-api","href":"/ti/packages/npm/@antv/g-dom-mutation-observer-api","description":"@antv/g-dom-mutation-observer-api is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.1.42","2.2.42"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/geo-coord","href":"/ti/packages/npm/@antv/geo-coord","description":"@antv/geo-coord is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.8","1.2.8"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-gesture","href":"/ti/packages/npm/@antv/g-gesture","description":"@antv/g-gesture is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["3.1.42","3.2.42"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/gi-assets-advance","href":"/ti/packages/npm/@antv/gi-assets-advance","description":"@antv/gi-assets-advance is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.6.22","2.7.22"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/gi-assets-algorithm","href":"/ti/packages/npm/@antv/gi-assets-algorithm","description":"@antv/gi-assets-algorithm is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.4.19","2.5.19"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/gi-assets-basic","href":"/ti/packages/npm/@antv/gi-assets-basic","description":"@antv/gi-assets-basic is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.5.40","2.6.40"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/gi-assets-galaxybase","href":"/ti/packages/npm/@antv/gi-assets-galaxybase","description":"@antv/gi-assets-galaxybase is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.3.15","1.4.15"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/gi-assets-graphscope","href":"/ti/packages/npm/@antv/gi-assets-graphscope","description":"@antv/gi-assets-graphscope is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.15","2.3.15"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/gi-assets-hugegraph","href":"/ti/packages/npm/@antv/gi-assets-hugegraph","description":"@antv/gi-assets-hugegraph is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.2.15","1.3.15"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/gi-assets-janusgraph","href":"/ti/packages/npm/@antv/gi-assets-janusgraph","description":"@antv/gi-assets-janusgraph is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.2.15","1.3.15"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/gi-assets-neo4j","href":"/ti/packages/npm/@antv/gi-assets-neo4j","description":"@antv/gi-assets-neo4j is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.15","2.3.15"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/gi-assets-scene","href":"/ti/packages/npm/@antv/gi-assets-scene","description":"@antv/gi-assets-scene is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.3.21","2.4.21"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/gi-assets-tugraph","href":"/ti/packages/npm/@antv/gi-assets-tugraph","description":"@antv/gi-assets-tugraph is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.15","2.3.15"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/gi-assets-tugraph-analytics","href":"/ti/packages/npm/@antv/gi-assets-tugraph-analytics","description":"@antv/gi-assets-tugraph-analytics is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.3.15","0.4.15"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/gi-assets-xlab","href":"/ti/packages/npm/@antv/gi-assets-xlab","description":"@antv/gi-assets-xlab is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.2.30","0.3.30"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/gi-cli","href":"/ti/packages/npm/@antv/gi-cli","description":"@antv/gi-cli is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.3.11","1.4.11"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/gi-common-components","href":"/ti/packages/npm/@antv/gi-common-components","description":"@antv/gi-common-components is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.4.16","1.5.16"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-image-exporter","href":"/ti/packages/npm/@antv/g-image-exporter","description":"@antv/g-image-exporter is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.42","1.2.42"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/gi-mock-data","href":"/ti/packages/npm/@antv/gi-mock-data","description":"@antv/gi-mock-data is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.5","1.2.5"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/gi-public-data","href":"/ti/packages/npm/@antv/gi-public-data","description":"@antv/gi-public-data is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.1","1.2.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/gi-sdk","href":"/ti/packages/npm/@antv/gi-sdk","description":"@antv/gi-sdk is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["3.1.0","3.2.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/gi-sdk-app","href":"/ti/packages/npm/@antv/gi-sdk-app","description":"@antv/gi-sdk-app is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.3.10","1.4.10"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/gi-theme-antd","href":"/ti/packages/npm/@antv/gi-theme-antd","description":"@antv/gi-theme-antd is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.7.11","0.8.11"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/github-config-cli","href":"/ti/packages/npm/@antv/github-config-cli","description":"@antv/github-config-cli is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.2.0","0.3.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-layout-blocklike","href":"/ti/packages/npm/@antv/g-layout-blocklike","description":"@antv/g-layout-blocklike is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.8.49","1.9.49"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-lite","href":"/ti/packages/npm/@antv/g-lite","description":"@antv/g-lite is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.8.0","2.9.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/gl-matrix","href":"/ti/packages/npm/@antv/gl-matrix","description":"@antv/gl-matrix is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.8.1","2.9.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-lottie-player","href":"/ti/packages/npm/@antv/g-lottie-player","description":"@antv/g-lottie-player is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.2.1","1.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-math","href":"/ti/packages/npm/@antv/g-math","description":"@antv/g-math is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["3.2.0","3.3.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-mobile","href":"/ti/packages/npm/@antv/g-mobile","description":"@antv/g-mobile is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.2.5","1.3.5"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-mobile-canvas","href":"/ti/packages/npm/@antv/g-mobile-canvas","description":"@antv/g-mobile-canvas is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.2.1","1.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-mobile-canvas-element","href":"/ti/packages/npm/@antv/g-mobile-canvas-element","description":"@antv/g-mobile-canvas-element is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.42","1.2.42"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-mobile-svg","href":"/ti/packages/npm/@antv/g-mobile-svg","description":"@antv/g-mobile-svg is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.2.1","1.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-mobile-webgl","href":"/ti/packages/npm/@antv/g-mobile-webgl","description":"@antv/g-mobile-webgl is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.2.1","1.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-pattern","href":"/ti/packages/npm/@antv/g-pattern","description":"@antv/g-pattern is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.1.42","2.2.42"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-perf","href":"/ti/packages/npm/@antv/g-perf","description":"@antv/g-perf is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.0","1.2.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-3d","href":"/ti/packages/npm/@antv/g-plugin-3d","description":"@antv/g-plugin-3d is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.1","2.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-a11y","href":"/ti/packages/npm/@antv/g-plugin-a11y","description":"@antv/g-plugin-a11y is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.5.1","1.6.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-annotation","href":"/ti/packages/npm/@antv/g-plugin-annotation","description":"@antv/g-plugin-annotation is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.3.0","1.4.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-box2d","href":"/ti/packages/npm/@antv/g-plugin-box2d","description":"@antv/g-plugin-box2d is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.1","2.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-canvaskit-renderer","href":"/ti/packages/npm/@antv/g-plugin-canvaskit-renderer","description":"@antv/g-plugin-canvaskit-renderer is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.4.1","2.5.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-canvas-path-generator","href":"/ti/packages/npm/@antv/g-plugin-canvas-path-generator","description":"@antv/g-plugin-canvas-path-generator is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.26","2.3.26"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-canvas-picker","href":"/ti/packages/npm/@antv/g-plugin-canvas-picker","description":"@antv/g-plugin-canvas-picker is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.4.1","2.5.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-canvas-renderer","href":"/ti/packages/npm/@antv/g-plugin-canvas-renderer","description":"@antv/g-plugin-canvas-renderer is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.6.1","2.7.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-control","href":"/ti/packages/npm/@antv/g-plugin-control","description":"@antv/g-plugin-control is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.1","2.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-css-select","href":"/ti/packages/npm/@antv/g-plugin-css-select","description":"@antv/g-plugin-css-select is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.1","2.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-device-renderer","href":"/ti/packages/npm/@antv/g-plugin-device-renderer","description":"@antv/g-plugin-device-renderer is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.7.1","2.8.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-dom-interaction","href":"/ti/packages/npm/@antv/g-plugin-dom-interaction","description":"@antv/g-plugin-dom-interaction is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.31","2.3.31"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-dragndrop","href":"/ti/packages/npm/@antv/g-plugin-dragndrop","description":"@antv/g-plugin-dragndrop is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.1","2.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-gesture","href":"/ti/packages/npm/@antv/g-plugin-gesture","description":"@antv/g-plugin-gesture is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.1","2.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-gpgpu","href":"/ti/packages/npm/@antv/g-plugin-gpgpu","description":"@antv/g-plugin-gpgpu is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.10.20","1.11.20"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-html-renderer","href":"/ti/packages/npm/@antv/g-plugin-html-renderer","description":"@antv/g-plugin-html-renderer is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.4.1","2.5.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-image-loader","href":"/ti/packages/npm/@antv/g-plugin-image-loader","description":"@antv/g-plugin-image-loader is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.4.1","2.5.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-matterjs","href":"/ti/packages/npm/@antv/g-plugin-matterjs","description":"@antv/g-plugin-matterjs is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.1","2.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-mobile-interaction","href":"/ti/packages/npm/@antv/g-plugin-mobile-interaction","description":"@antv/g-plugin-mobile-interaction is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.42","1.2.42"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-physx","href":"/ti/packages/npm/@antv/g-plugin-physx","description":"@antv/g-plugin-physx is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.1","2.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-rough-canvas-renderer","href":"/ti/packages/npm/@antv/g-plugin-rough-canvas-renderer","description":"@antv/g-plugin-rough-canvas-renderer is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.1","2.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-rough-svg-renderer","href":"/ti/packages/npm/@antv/g-plugin-rough-svg-renderer","description":"@antv/g-plugin-rough-svg-renderer is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.1","2.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-svg-picker","href":"/ti/packages/npm/@antv/g-plugin-svg-picker","description":"@antv/g-plugin-svg-picker is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.1.46","2.2.46"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-svg-renderer","href":"/ti/packages/npm/@antv/g-plugin-svg-renderer","description":"@antv/g-plugin-svg-renderer is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.5.1","2.6.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-webgl-device","href":"/ti/packages/npm/@antv/g-plugin-webgl-device","description":"@antv/g-plugin-webgl-device is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.10.17","1.11.17"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-webgl-renderer","href":"/ti/packages/npm/@antv/g-plugin-webgl-renderer","description":"@antv/g-plugin-webgl-renderer is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.26","1.2.26"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-webgpu-device","href":"/ti/packages/npm/@antv/g-plugin-webgpu-device","description":"@antv/g-plugin-webgpu-device is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.10.17","1.11.17"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-yoga","href":"/ti/packages/npm/@antv/g-plugin-yoga","description":"@antv/g-plugin-yoga is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.4.1","2.5.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-zdog-canvas-renderer","href":"/ti/packages/npm/@antv/g-plugin-zdog-canvas-renderer","description":"@antv/g-plugin-zdog-canvas-renderer is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.1","2.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-zdog-svg-renderer","href":"/ti/packages/npm/@antv/g-plugin-zdog-svg-renderer","description":"@antv/g-plugin-zdog-svg-renderer is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.1","2.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/gpt-vis","href":"/ti/packages/npm/@antv/gpt-vis","description":"@antv/gpt-vis is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.0","1.2.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/gpt-vis-ssr","href":"/ti/packages/npm/@antv/gpt-vis-ssr","description":"@antv/gpt-vis-ssr is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.4.7","0.5.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/graphin","href":"/ti/packages/npm/@antv/graphin","description":"@antv/graphin is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["3.1.5","3.2.5"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/graphin-components","href":"/ti/packages/npm/@antv/graphin-components","description":"@antv/graphin-components is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.5.1","2.6.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/graphin-graphscope","href":"/ti/packages/npm/@antv/graphin-graphscope","description":"@antv/graphin-graphscope is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.5","1.2.5"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/graphin-icons","href":"/ti/packages/npm/@antv/graphin-icons","description":"@antv/graphin-icons is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.0","1.2.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/graphlib","href":"/ti/packages/npm/@antv/graphlib","description":"@antv/graphlib is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.1.4","2.2.4"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-shader-components","href":"/ti/packages/npm/@antv/g-shader-components","description":"@antv/g-shader-components is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.1.0","2.2.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-svg","href":"/ti/packages/npm/@antv/g-svg","description":"@antv/g-svg is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.1","2.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-web-animations-api","href":"/ti/packages/npm/@antv/g-web-animations-api","description":"@antv/g-web-animations-api is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.32","2.3.32"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-web-components","href":"/ti/packages/npm/@antv/g-web-components","description":"@antv/g-web-components is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.1","2.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-webgl","href":"/ti/packages/npm/@antv/g-webgl","description":"@antv/g-webgl is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.1","2.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-webgl-compute","href":"/ti/packages/npm/@antv/g-webgl-compute","description":"@antv/g-webgl-compute is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.1.1","0.2.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-webgpu","href":"/ti/packages/npm/@antv/g-webgpu","description":"@antv/g-webgpu is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.1","2.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-webgpu-compiler","href":"/ti/packages/npm/@antv/g-webgpu-compiler","description":"@antv/g-webgpu-compiler is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.8.2","0.9.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-webgpu-core","href":"/ti/packages/npm/@antv/g-webgpu-core","description":"@antv/g-webgpu-core is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.8.2","0.9.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-webgpu-engine","href":"/ti/packages/npm/@antv/g-webgpu-engine","description":"@antv/g-webgpu-engine is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.8.2","0.9.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-webgpu-raytracer","href":"/ti/packages/npm/@antv/g-webgpu-raytracer","description":"@antv/g-webgpu-raytracer is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.6.1","0.7.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-webgpu-unitchart","href":"/ti/packages/npm/@antv/g-webgpu-unitchart","description":"@antv/g-webgpu-unitchart is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.6.1","0.7.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/hierarchy","href":"/ti/packages/npm/@antv/hierarchy","description":"@antv/hierarchy is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.8.1","0.9.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/infographic","href":"/ti/packages/npm/@antv/infographic","description":"@antv/infographic is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.3.19","0.4.19"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/insight-component","href":"/ti/packages/npm/@antv/insight-component","description":"@antv/insight-component is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.0","1.2.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/interaction","href":"/ti/packages/npm/@antv/interaction","description":"@antv/interaction is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.2.5","0.3.5"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/istanbul","href":"/ti/packages/npm/@antv/istanbul","description":"@antv/istanbul is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.1.0","0.2.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/knowledge","href":"/ti/packages/npm/@antv/knowledge","description":"@antv/knowledge is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.2.4","1.3.4"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/l7","href":"/ti/packages/npm/@antv/l7","description":"@antv/l7 is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.26.10","2.27.10"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/l7-component","href":"/ti/packages/npm/@antv/l7-component","description":"@antv/l7-component is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.26.10","2.27.10"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/l7-composite-layers","href":"/ti/packages/npm/@antv/l7-composite-layers","description":"@antv/l7-composite-layers is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.18.1","0.19.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/l7-core","href":"/ti/packages/npm/@antv/l7-core","description":"@antv/l7-core is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.26.10","2.27.10"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/l7-district","href":"/ti/packages/npm/@antv/l7-district","description":"@antv/l7-district is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.4.12","2.5.12"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/l7-draw","href":"/ti/packages/npm/@antv/l7-draw","description":"@antv/l7-draw is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["3.2.5","3.3.5"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/l7-editor","href":"/ti/packages/npm/@antv/l7-editor","description":"@antv/l7-editor is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.2.13","1.3.13"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/l7-extension-g-layer","href":"/ti/packages/npm/@antv/l7-extension-g-layer","description":"@antv/l7-extension-g-layer is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.0","1.2.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/l7-layers","href":"/ti/packages/npm/@antv/l7-layers","description":"@antv/l7-layers is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.26.10","2.27.10"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/l7-leaflet","href":"/ti/packages/npm/@antv/l7-leaflet","description":"@antv/l7-leaflet is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.2","1.2.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/l7-map","href":"/ti/packages/npm/@antv/l7-map","description":"@antv/l7-map is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.26.10","2.27.10"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/l7-mapkit","href":"/ti/packages/npm/@antv/l7-mapkit","description":"@antv/l7-mapkit is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.6.0","0.7.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/l7-maps","href":"/ti/packages/npm/@antv/l7-maps","description":"@antv/l7-maps is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.26.10","2.27.10"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/l7-mini","href":"/ti/packages/npm/@antv/l7-mini","description":"@antv/l7-mini is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.21.8","2.22.8"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/l7-pass","href":"/ti/packages/npm/@antv/l7-pass","description":"@antv/l7-pass is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.0","1.2.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/l7plot","href":"/ti/packages/npm/@antv/l7plot","description":"@antv/l7plot is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.6.11","0.7.11"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/l7plot-component","href":"/ti/packages/npm/@antv/l7plot-component","description":"@antv/l7plot-component is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.1.11","0.2.11"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/l7-react","href":"/ti/packages/npm/@antv/l7-react","description":"@antv/l7-react is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.5.3","2.6.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/l7-renderer","href":"/ti/packages/npm/@antv/l7-renderer","description":"@antv/l7-renderer is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.26.10","2.27.10"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/l7-scene","href":"/ti/packages/npm/@antv/l7-scene","description":"@antv/l7-scene is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.26.10","2.27.10"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/l7-source","href":"/ti/packages/npm/@antv/l7-source","description":"@antv/l7-source is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.26.10","2.27.10"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/l7-three","href":"/ti/packages/npm/@antv/l7-three","description":"@antv/l7-three is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.26.10","2.27.10"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/l7-utils","href":"/ti/packages/npm/@antv/l7-utils","description":"@antv/l7-utils is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.26.10","2.27.10"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/larkmap","href":"/ti/packages/npm/@antv/larkmap","description":"@antv/larkmap is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.6.1","1.7.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/layout-gpu","href":"/ti/packages/npm/@antv/layout-gpu","description":"@antv/layout-gpu is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.2.7","1.3.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/layout-wasm","href":"/ti/packages/npm/@antv/layout-wasm","description":"@antv/layout-wasm is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.5.2","1.6.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/li-aiearth-assets","href":"/ti/packages/npm/@antv/li-aiearth-assets","description":"@antv/li-aiearth-assets is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.5.7","0.6.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/li-analysis-assets","href":"/ti/packages/npm/@antv/li-analysis-assets","description":"@antv/li-analysis-assets is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.10.1","1.11.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/li-core-assets","href":"/ti/packages/npm/@antv/li-core-assets","description":"@antv/li-core-assets is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.4.7","1.5.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/li-editor","href":"/ti/packages/npm/@antv/li-editor","description":"@antv/li-editor is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.7.1","1.8.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/li-p2","href":"/ti/packages/npm/@antv/li-p2","description":"@antv/li-p2 is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.10.2","1.9.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/li-sam-assets","href":"/ti/packages/npm/@antv/li-sam-assets","description":"@antv/li-sam-assets is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.2.4","0.3.4"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/li-sdk","href":"/ti/packages/npm/@antv/li-sdk","description":"@antv/li-sdk is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.6.1","1.7.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/lite-insight","href":"/ti/packages/npm/@antv/lite-insight","description":"@antv/lite-insight is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.1","2.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/matrix-util","href":"/ti/packages/npm/@antv/matrix-util","description":"@antv/matrix-util is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["3.1.4","3.2.4"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/mcp-server-antv","href":"/ti/packages/npm/@antv/mcp-server-antv","description":"@antv/mcp-server-antv is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.2.8","0.3.8"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/mcp-server-chart","href":"/ti/packages/npm/@antv/mcp-server-chart","description":"@antv/mcp-server-chart is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.10.10","0.11.10"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/my-f2","href":"/ti/packages/npm/@antv/my-f2","description":"@antv/my-f2 is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.7","2.3.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/my-f2-pc","href":"/ti/packages/npm/@antv/my-f2-pc","description":"@antv/my-f2-pc is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.2.1","0.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/narrative-text-editor","href":"/ti/packages/npm/@antv/narrative-text-editor","description":"@antv/narrative-text-editor is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.3.20","0.4.20"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/narrative-text-schema","href":"/ti/packages/npm/@antv/narrative-text-schema","description":"@antv/narrative-text-schema is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.4.7","0.5.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/narrative-text-vis","href":"/ti/packages/npm/@antv/narrative-text-vis","description":"@antv/narrative-text-vis is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.4.16","0.5.16"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/path-util","href":"/ti/packages/npm/@antv/path-util","description":"@antv/path-util is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["3.1.1","3.2.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/react-g","href":"/ti/packages/npm/@antv/react-g","description":"@antv/react-g is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.1","2.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/s2","href":"/ti/packages/npm/@antv/s2","description":"@antv/s2 is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.8.1","2.9.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/s2-react","href":"/ti/packages/npm/@antv/s2-react","description":"@antv/s2-react is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.4.1","2.5.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/s2-react-components","href":"/ti/packages/npm/@antv/s2-react-components","description":"@antv/s2-react-components is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.2","2.3.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/s2-ssr","href":"/ti/packages/npm/@antv/s2-ssr","description":"@antv/s2-ssr is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.2.1","0.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/s2-vue","href":"/ti/packages/npm/@antv/s2-vue","description":"@antv/s2-vue is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.3.0","2.4.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/sam","href":"/ti/packages/npm/@antv/sam","description":"@antv/sam is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.3.0","0.4.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/scale","href":"/ti/packages/npm/@antv/scale","description":"@antv/scale is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.6.2","0.7.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/semantic-release-pnpm","href":"/ti/packages/npm/@antv/semantic-release-pnpm","description":"@antv/semantic-release-pnpm is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.4","1.2.4"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/smart-color","href":"/ti/packages/npm/@antv/smart-color","description":"@antv/smart-color is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.3.1","0.4.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/stat","href":"/ti/packages/npm/@antv/stat","description":"@antv/stat is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.1.2","0.2.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/t8","href":"/ti/packages/npm/@antv/t8","description":"@antv/t8 is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.4.0","0.5.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/thumbnails","href":"/ti/packages/npm/@antv/thumbnails","description":"@antv/thumbnails is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.1.0","2.2.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/thumbnails-component","href":"/ti/packages/npm/@antv/thumbnails-component","description":"@antv/thumbnails-component is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.1.0","2.2.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/torch","href":"/ti/packages/npm/@antv/torch","description":"@antv/torch is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.6","1.2.6"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/translator","href":"/ti/packages/npm/@antv/translator","description":"@antv/translator is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.1","1.2.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/util","href":"/ti/packages/npm/@antv/util","description":"@antv/util is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["3.4.11","3.5.11"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/vendor","href":"/ti/packages/npm/@antv/vendor","description":"@antv/vendor is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.11","1.2.11"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/vis-predict-engine","href":"/ti/packages/npm/@antv/vis-predict-engine","description":"@antv/vis-predict-engine is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.2.1","0.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/webgpu-graph","href":"/ti/packages/npm/@antv/webgpu-graph","description":"@antv/webgpu-graph is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.0","1.2.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/word-scale-chart","href":"/ti/packages/npm/@antv/word-scale-chart","description":"@antv/word-scale-chart is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.4.4","0.5.4"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/wx-f2","href":"/ti/packages/npm/@antv/wx-f2","description":"@antv/wx-f2 is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.1","2.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/x6","href":"/ti/packages/npm/@antv/x6","description":"@antv/x6 is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["3.2.7","3.3.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/x6-angular-shape","href":"/ti/packages/npm/@antv/x6-angular-shape","description":"@antv/x6-angular-shape is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["3.1.1","3.2.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/x6-common","href":"/ti/packages/npm/@antv/x6-common","description":"@antv/x6-common is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.1.17","2.2.17"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/x6-components","href":"/ti/packages/npm/@antv/x6-components","description":"@antv/x6-components is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.11.7","0.12.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/x6-geometry","href":"/ti/packages/npm/@antv/x6-geometry","description":"@antv/x6-geometry is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.1.5","2.2.5"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/x6-plugin-clipboard","href":"/ti/packages/npm/@antv/x6-plugin-clipboard","description":"@antv/x6-plugin-clipboard is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.6","2.3.6"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/x6-plugin-dnd","href":"/ti/packages/npm/@antv/x6-plugin-dnd","description":"@antv/x6-plugin-dnd is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.1","2.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/x6-plugin-export","href":"/ti/packages/npm/@antv/x6-plugin-export","description":"@antv/x6-plugin-export is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.6","2.3.6"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/x6-plugin-history","href":"/ti/packages/npm/@antv/x6-plugin-history","description":"@antv/x6-plugin-history is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.3.4","2.4.4"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/x6-plugin-keyboard","href":"/ti/packages/npm/@antv/x6-plugin-keyboard","description":"@antv/x6-plugin-keyboard is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.3.3","2.4.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/x6-plugin-minimap","href":"/ti/packages/npm/@antv/x6-plugin-minimap","description":"@antv/x6-plugin-minimap is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.1.7","2.2.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/x6-plugin-scroller","href":"/ti/packages/npm/@antv/x6-plugin-scroller","description":"@antv/x6-plugin-scroller is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.1.10","2.2.10"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/x6-plugin-selection","href":"/ti/packages/npm/@antv/x6-plugin-selection","description":"@antv/x6-plugin-selection is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.3.2","2.4.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/x6-plugin-snapline","href":"/ti/packages/npm/@antv/x6-plugin-snapline","description":"@antv/x6-plugin-snapline is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.7","2.3.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/x6-plugin-stencil","href":"/ti/packages/npm/@antv/x6-plugin-stencil","description":"@antv/x6-plugin-stencil is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.5","2.3.5"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/x6-plugin-transform","href":"/ti/packages/npm/@antv/x6-plugin-transform","description":"@antv/x6-plugin-transform is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.8","2.3.8"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/x6-react","href":"/ti/packages/npm/@antv/x6-react","description":"@antv/x6-react is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.2.26","0.3.26"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/x6-react-components","href":"/ti/packages/npm/@antv/x6-react-components","description":"@antv/x6-react-components is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.1.9","2.2.9"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/x6-react-shape","href":"/ti/packages/npm/@antv/x6-react-shape","description":"@antv/x6-react-shape is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["3.1.1","3.2.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/x6-vector","href":"/ti/packages/npm/@antv/x6-vector","description":"@antv/x6-vector is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.5.2","1.6.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/x6-vue3-shape","href":"/ti/packages/npm/@antv/x6-vue3-shape","description":"@antv/x6-vue3-shape is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.0","1.2.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/x6-vue-shape","href":"/ti/packages/npm/@antv/x6-vue-shape","description":"@antv/x6-vue-shape is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["3.1.2","3.2.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/xflow","href":"/ti/packages/npm/@antv/xflow","description":"@antv/xflow is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.13","2.3.13"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/xflow-core","href":"/ti/packages/npm/@antv/xflow-core","description":"@antv/xflow-core is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.55","1.2.55"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/xflow-diff","href":"/ti/packages/npm/@antv/xflow-diff","description":"@antv/xflow-diff is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.0","1.2.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/xflow-extension","href":"/ti/packages/npm/@antv/xflow-extension","description":"@antv/xflow-extension is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.55","1.2.55"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/xflow-hook","href":"/ti/packages/npm/@antv/xflow-hook","description":"@antv/xflow-hook is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.55","1.2.55"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"ast-plugin","href":"/ti/packages/npm/ast-plugin","description":"ast-plugin is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["0.1.7","0.2.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"babel-plugin-version","href":"/ti/packages/npm/babel-plugin-version","description":"babel-plugin-version is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["0.3.3","0.4.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"boring-avatars-vanilla","href":"/ti/packages/npm/boring-avatars-vanilla","description":"boring-avatars-vanilla is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["1.1.2","1.2.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"byte-parser","href":"/ti/packages/npm/byte-parser","description":"byte-parser is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["1.1.0","1.2.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"canvas-nest.js","href":"/ti/packages/npm/canvas-nest.js","description":"canvas-nest.js is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["2.1.4","2.2.4"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"echarts-for-react","href":"/ti/packages/npm/echarts-for-react","description":"echarts-for-react is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["3.0.7","3.1.7","3.2.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"filesize.js","href":"/ti/packages/npm/filesize.js","description":"filesize.js is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["2.1.0","2.2.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"fixed-round","href":"/ti/packages/npm/fixed-round","description":"fixed-round is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["1.1.2","1.2.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"gantt-for-react","href":"/ti/packages/npm/gantt-for-react","description":"gantt-for-react is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["0.3.0","0.4.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"jest-canvas-mock","href":"/ti/packages/npm/jest-canvas-mock","description":"jest-canvas-mock is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["2.5.3","2.6.3","2.7.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"jest-date-mock","href":"/ti/packages/npm/jest-date-mock","description":"jest-date-mock is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["1.0.11","1.1.11","1.2.11"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"jest-electron","href":"/ti/packages/npm/jest-electron","description":"jest-electron is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["0.2.12","0.3.12"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"jest-expect","href":"/ti/packages/npm/jest-expect","description":"jest-expect is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["0.1.1","0.2.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"jest-less-loader","href":"/ti/packages/npm/jest-less-loader","description":"jest-less-loader is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["0.3.0","0.4.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"jest-random-mock","href":"/ti/packages/npm/jest-random-mock","description":"jest-random-mock is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["1.1.0","1.2.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"jest-url-loader","href":"/ti/packages/npm/jest-url-loader","description":"jest-url-loader is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["0.2.0","0.3.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"limit-size","href":"/ti/packages/npm/limit-size","description":"limit-size is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["0.2.4","0.3.4"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"lint-md","href":"/ti/packages/npm/lint-md","description":"lint-md is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["0.3.0","0.4.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"lint-md-cli","href":"/ti/packages/npm/lint-md-cli","description":"lint-md-cli is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["0.2.2","0.3.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@lint-md/cli","href":"/ti/packages/npm/@lint-md/cli","description":"@lint-md/cli is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["2.1.0","2.2.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@lint-md/core","href":"/ti/packages/npm/@lint-md/core","description":"@lint-md/core is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["2.1.0","2.2.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@lint-md/parser","href":"/ti/packages/npm/@lint-md/parser","description":"@lint-md/parser is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["0.1.14","0.2.14"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"mcp-echarts","href":"/ti/packages/npm/mcp-echarts","description":"mcp-echarts is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["0.8.1","0.9.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"mcp-mermaid","href":"/ti/packages/npm/mcp-mermaid","description":"mcp-mermaid is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["0.5.1","0.6.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"miz","href":"/ti/packages/npm/miz","description":"miz is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["1.1.1","1.2.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"onfire.js","href":"/ti/packages/npm/onfire.js","description":"onfire.js is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["2.1.1","2.2.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"react-adsense","href":"/ti/packages/npm/react-adsense","description":"react-adsense is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["0.2.0","0.3.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"relationship.js","href":"/ti/packages/npm/relationship.js","description":"relationship.js is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["1.3.9","1.4.9"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"ribbon.js","href":"/ti/packages/npm/ribbon.js","description":"ribbon.js is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["1.1.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"size-sensor","href":"/ti/packages/npm/size-sensor","description":"size-sensor is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["1.0.4","1.1.4","1.2.4"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"slice.js","href":"/ti/packages/npm/slice.js","description":"slice.js is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["1.2.1","1.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"timeago.js","href":"/ti/packages/npm/timeago.js","description":"timeago.js is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["4.1.2","4.2.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"timeago-react","href":"/ti/packages/npm/timeago-react","description":"timeago-react is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["3.1.7","3.2.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"uri-parse","href":"/ti/packages/npm/uri-parse","description":"uri-parse is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["1.1.0","1.2.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"word-width","href":"/ti/packages/npm/word-width","description":"word-width is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["1.1.1","1.2.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"xmorse","href":"/ti/packages/npm/xmorse","description":"xmorse is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["1.1.0","1.2.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"node-ipc","href":"/ti/packages/npm/node-ipc","description":"node-ipc is identified in the SafeDep analysis \"Compromised node-ipc on npm: Credential Stealer via DNS Exfiltration\". >-","threat_types":["credential_stealer","data_exfiltration","rat","persistence"],"versions":["9.1.6","9.2.3","12.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-14"},{"ecosystem":"npm","name":"iceberg-javascript","href":"/ti/packages/npm/iceberg-javascript","description":"iceberg-javascript is identified in the SafeDep analysis \"Malicious npm Packages Backdoor Claude Code Sessions\". >-","threat_types":["rat","persistence"],"versions":["0.8.2"],"campaigns":["Claude Code Hook Backdoors"],"discovered_at":"2026-05-13"},{"ecosystem":"npm","name":"supabase-javascript","href":"/ti/packages/npm/supabase-javascript","description":"supabase-javascript is identified in the SafeDep analysis \"Malicious npm Packages Backdoor Claude Code Sessions\". >-","threat_types":["rat","persistence"],"versions":["2.98.3"],"campaigns":["Claude Code Hook Backdoors"],"discovered_at":"2026-05-13"},{"ecosystem":"npm","name":"auth-javascript","href":"/ti/packages/npm/auth-javascript","description":"auth-javascript is identified in the SafeDep analysis \"Malicious npm Packages Backdoor Claude Code Sessions\". >-","threat_types":["rat","persistence"],"versions":["0.0.17"],"campaigns":["Claude Code Hook Backdoors"],"discovered_at":"2026-05-13"},{"ecosystem":"npm","name":"microsoft-applicationinsights-common","href":"/ti/packages/npm/microsoft-applicationinsights-common","description":"microsoft-applicationinsights-common is identified in the SafeDep analysis \"Malicious npm Packages Backdoor Claude Code Sessions\". >-","threat_types":["rat","persistence"],"versions":["3.4.2"],"campaigns":["Claude Code Hook Backdoors"],"discovered_at":"2026-05-13"},{"ecosystem":"npm","name":"ms-graph-types","href":"/ti/packages/npm/ms-graph-types","description":"ms-graph-types is identified in the SafeDep analysis \"Malicious npm Packages Backdoor Claude Code Sessions\". >-","threat_types":["rat","persistence"],"versions":["2.43.2"],"campaigns":["Claude Code Hook Backdoors"],"discovered_at":"2026-05-13"},{"ecosystem":"npm","name":"@beproduct/nestjs-auth","href":"/ti/packages/npm/@beproduct/nestjs-auth","description":"@beproduct/nestjs-auth is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.1.2","0.1.3","0.1.4","0.1.5","0.1.6","0.1.7","0.1.8","0.1.9","0.1.10","0.1.11","0.1.12","0.1.13","0.1.14","0.1.15","0.1.16","0.1.17","0.1.18","0.1.19"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@dirigible-ai/sdk","href":"/ti/packages/npm/@dirigible-ai/sdk","description":"@dirigible-ai/sdk is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.6.2","0.6.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@draftauth/client","href":"/ti/packages/npm/@draftauth/client","description":"@draftauth/client is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.2.1","0.2.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@draftauth/core","href":"/ti/packages/npm/@draftauth/core","description":"@draftauth/core is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.13.1","0.13.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@draftlab/auth","href":"/ti/packages/npm/@draftlab/auth","description":"@draftlab/auth is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.24.1","0.24.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@draftlab/auth-router","href":"/ti/packages/npm/@draftlab/auth-router","description":"@draftlab/auth-router is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.5.1","0.5.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@draftlab/db","href":"/ti/packages/npm/@draftlab/db","description":"@draftlab/db is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.16.1","0.16.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@mesadev/rest","href":"/ti/packages/npm/@mesadev/rest","description":"@mesadev/rest is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.28.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@mesadev/saguaro","href":"/ti/packages/npm/@mesadev/saguaro","description":"@mesadev/saguaro is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.4.22"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@mesadev/sdk","href":"/ti/packages/npm/@mesadev/sdk","description":"@mesadev/sdk is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.28.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@mistralai/mistralai","href":"/ti/packages/npm/@mistralai/mistralai","description":"@mistralai/mistralai is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["2.2.2","2.2.3","2.2.4"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@mistralai/mistralai-azure","href":"/ti/packages/npm/@mistralai/mistralai-azure","description":"@mistralai/mistralai-azure is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.7.1","1.7.2","1.7.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@mistralai/mistralai-gcp","href":"/ti/packages/npm/@mistralai/mistralai-gcp","description":"@mistralai/mistralai-gcp is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.7.1","1.7.2","1.7.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@ml-toolkit-ts/preprocessing","href":"/ti/packages/npm/@ml-toolkit-ts/preprocessing","description":"@ml-toolkit-ts/preprocessing is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.2","1.0.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@ml-toolkit-ts/xgboost","href":"/ti/packages/npm/@ml-toolkit-ts/xgboost","description":"@ml-toolkit-ts/xgboost is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.3","1.0.4"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@opensearch-project/opensearch","href":"/ti/packages/npm/@opensearch-project/opensearch","description":"@opensearch-project/opensearch is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["3.5.3","3.6.2","3.7.0","3.8.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@squawk/airport-data","href":"/ti/packages/npm/@squawk/airport-data","description":"@squawk/airport-data is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.7.4","0.7.5","0.7.6","0.7.7","0.7.8"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@squawk/airports","href":"/ti/packages/npm/@squawk/airports","description":"@squawk/airports is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.6.2","0.6.3","0.6.4","0.6.5","0.6.6"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@squawk/airspace","href":"/ti/packages/npm/@squawk/airspace","description":"@squawk/airspace is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.8.1","0.8.2","0.8.3","0.8.4","0.8.5"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@squawk/airspace-data","href":"/ti/packages/npm/@squawk/airspace-data","description":"@squawk/airspace-data is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.5.3","0.5.4","0.5.5","0.5.6","0.5.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@squawk/airway-data","href":"/ti/packages/npm/@squawk/airway-data","description":"@squawk/airway-data is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.5.4","0.5.5","0.5.6","0.5.7","0.5.8"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@squawk/airways","href":"/ti/packages/npm/@squawk/airways","description":"@squawk/airways is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.4.2","0.4.3","0.4.4","0.4.5","0.4.6"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@squawk/fix-data","href":"/ti/packages/npm/@squawk/fix-data","description":"@squawk/fix-data is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.6.4","0.6.5","0.6.6","0.6.7","0.6.8"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@squawk/fixes","href":"/ti/packages/npm/@squawk/fixes","description":"@squawk/fixes is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.3.2","0.3.3","0.3.4","0.3.5","0.3.6"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@squawk/flight-math","href":"/ti/packages/npm/@squawk/flight-math","description":"@squawk/flight-math is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.5.4","0.5.5","0.5.6","0.5.7","0.5.8"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@squawk/flightplan","href":"/ti/packages/npm/@squawk/flightplan","description":"@squawk/flightplan is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.5.2","0.5.3","0.5.4","0.5.5","0.5.6"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@squawk/geo","href":"/ti/packages/npm/@squawk/geo","description":"@squawk/geo is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.4.4","0.4.5","0.4.6","0.4.7","0.4.8"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@squawk/icao-registry","href":"/ti/packages/npm/@squawk/icao-registry","description":"@squawk/icao-registry is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.5.2","0.5.3","0.5.4","0.5.5","0.5.6"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@squawk/icao-registry-data","href":"/ti/packages/npm/@squawk/icao-registry-data","description":"@squawk/icao-registry-data is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.8.4","0.8.5","0.8.6","0.8.7","0.8.8"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@squawk/mcp","href":"/ti/packages/npm/@squawk/mcp","description":"@squawk/mcp is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.9.1","0.9.2","0.9.3","0.9.4","0.9.5"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@squawk/navaid-data","href":"/ti/packages/npm/@squawk/navaid-data","description":"@squawk/navaid-data is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.6.4","0.6.5","0.6.6","0.6.7","0.6.8"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@squawk/navaids","href":"/ti/packages/npm/@squawk/navaids","description":"@squawk/navaids is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.4.2","0.4.3","0.4.4","0.4.5","0.4.6"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@squawk/notams","href":"/ti/packages/npm/@squawk/notams","description":"@squawk/notams is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.3.6","0.3.7","0.3.8","0.3.9","0.3.10"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@squawk/procedure-data","href":"/ti/packages/npm/@squawk/procedure-data","description":"@squawk/procedure-data is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.7.3","0.7.4","0.7.5","0.7.6","0.7.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@squawk/procedures","href":"/ti/packages/npm/@squawk/procedures","description":"@squawk/procedures is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.5.2","0.5.3","0.5.4","0.5.5","0.5.6"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@squawk/types","href":"/ti/packages/npm/@squawk/types","description":"@squawk/types is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.8.1","0.8.2","0.8.3","0.8.4","0.8.5"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@squawk/units","href":"/ti/packages/npm/@squawk/units","description":"@squawk/units is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.4.3","0.4.4","0.4.5","0.4.6","0.4.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@squawk/weather","href":"/ti/packages/npm/@squawk/weather","description":"@squawk/weather is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.5.6","0.5.7","0.5.8","0.5.9","0.5.10"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@supersurkhet/cli","href":"/ti/packages/npm/@supersurkhet/cli","description":"@supersurkhet/cli is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.0.2","0.0.3","0.0.4","0.0.5","0.0.6","0.0.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@supersurkhet/sdk","href":"/ti/packages/npm/@supersurkhet/sdk","description":"@supersurkhet/sdk is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.0.2","0.0.3","0.0.4","0.0.5","0.0.6","0.0.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tallyui/components","href":"/ti/packages/npm/@tallyui/components","description":"@tallyui/components is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1","1.0.2","1.0.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tallyui/connector-medusa","href":"/ti/packages/npm/@tallyui/connector-medusa","description":"@tallyui/connector-medusa is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1","1.0.2","1.0.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tallyui/connector-shopify","href":"/ti/packages/npm/@tallyui/connector-shopify","description":"@tallyui/connector-shopify is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1","1.0.2","1.0.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tallyui/connector-vendure","href":"/ti/packages/npm/@tallyui/connector-vendure","description":"@tallyui/connector-vendure is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1","1.0.2","1.0.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tallyui/connector-woocommerce","href":"/ti/packages/npm/@tallyui/connector-woocommerce","description":"@tallyui/connector-woocommerce is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1","1.0.2","1.0.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tallyui/core","href":"/ti/packages/npm/@tallyui/core","description":"@tallyui/core is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.2.1","0.2.2","0.2.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tallyui/database","href":"/ti/packages/npm/@tallyui/database","description":"@tallyui/database is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1","1.0.2","1.0.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tallyui/pos","href":"/ti/packages/npm/@tallyui/pos","description":"@tallyui/pos is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.1.1","0.1.2","0.1.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tallyui/storage-sqlite","href":"/ti/packages/npm/@tallyui/storage-sqlite","description":"@tallyui/storage-sqlite is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.2.1","0.2.2","0.2.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tallyui/theme","href":"/ti/packages/npm/@tallyui/theme","description":"@tallyui/theme is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.2.1","0.2.2","0.2.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/arktype-adapter","href":"/ti/packages/npm/@tanstack/arktype-adapter","description":"@tanstack/arktype-adapter is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.166.12","1.166.15"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/eslint-plugin-router","href":"/ti/packages/npm/@tanstack/eslint-plugin-router","description":"@tanstack/eslint-plugin-router is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.161.9","1.161.12"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/eslint-plugin-start","href":"/ti/packages/npm/@tanstack/eslint-plugin-start","description":"@tanstack/eslint-plugin-start is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["0.0.4","0.0.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/history","href":"/ti/packages/npm/@tanstack/history","description":"@tanstack/history is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.161.9","1.161.12"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/nitro-v2-vite-plugin","href":"/ti/packages/npm/@tanstack/nitro-v2-vite-plugin","description":"@tanstack/nitro-v2-vite-plugin is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.154.12","1.154.15"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/react-router","href":"/ti/packages/npm/@tanstack/react-router","description":"@tanstack/react-router is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.169.5","1.169.8"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/react-router-devtools","href":"/ti/packages/npm/@tanstack/react-router-devtools","description":"@tanstack/react-router-devtools is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.166.16","1.166.19"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/react-router-ssr-query","href":"/ti/packages/npm/@tanstack/react-router-ssr-query","description":"@tanstack/react-router-ssr-query is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.166.15","1.166.18"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/react-start","href":"/ti/packages/npm/@tanstack/react-start","description":"@tanstack/react-start is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.167.68","1.167.71"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/react-start-client","href":"/ti/packages/npm/@tanstack/react-start-client","description":"@tanstack/react-start-client is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.166.51","1.166.54"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/react-start-rsc","href":"/ti/packages/npm/@tanstack/react-start-rsc","description":"@tanstack/react-start-rsc is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["0.0.47","0.0.50"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/react-start-server","href":"/ti/packages/npm/@tanstack/react-start-server","description":"@tanstack/react-start-server is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.166.55","1.166.58"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/router-cli","href":"/ti/packages/npm/@tanstack/router-cli","description":"@tanstack/router-cli is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.166.46","1.166.49"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/router-core","href":"/ti/packages/npm/@tanstack/router-core","description":"@tanstack/router-core is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.169.5","1.169.8"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/router-devtools","href":"/ti/packages/npm/@tanstack/router-devtools","description":"@tanstack/router-devtools is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.166.16","1.166.19"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/router-devtools-core","href":"/ti/packages/npm/@tanstack/router-devtools-core","description":"@tanstack/router-devtools-core is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.167.6","1.167.9"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/router-generator","href":"/ti/packages/npm/@tanstack/router-generator","description":"@tanstack/router-generator is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.166.45","1.166.48"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/router-plugin","href":"/ti/packages/npm/@tanstack/router-plugin","description":"@tanstack/router-plugin is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.167.38","1.167.41"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/router-ssr-query-core","href":"/ti/packages/npm/@tanstack/router-ssr-query-core","description":"@tanstack/router-ssr-query-core is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.168.3","1.168.6"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/router-utils","href":"/ti/packages/npm/@tanstack/router-utils","description":"@tanstack/router-utils is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.161.11","1.161.14"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/router-vite-plugin","href":"/ti/packages/npm/@tanstack/router-vite-plugin","description":"@tanstack/router-vite-plugin is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.166.53","1.166.56"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/solid-router","href":"/ti/packages/npm/@tanstack/solid-router","description":"@tanstack/solid-router is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.169.5","1.169.8"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/solid-router-devtools","href":"/ti/packages/npm/@tanstack/solid-router-devtools","description":"@tanstack/solid-router-devtools is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.166.16","1.166.19"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/solid-router-ssr-query","href":"/ti/packages/npm/@tanstack/solid-router-ssr-query","description":"@tanstack/solid-router-ssr-query is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.166.15","1.166.18"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/solid-start","href":"/ti/packages/npm/@tanstack/solid-start","description":"@tanstack/solid-start is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.167.65","1.167.68"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/solid-start-client","href":"/ti/packages/npm/@tanstack/solid-start-client","description":"@tanstack/solid-start-client is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.166.50","1.166.53"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/solid-start-server","href":"/ti/packages/npm/@tanstack/solid-start-server","description":"@tanstack/solid-start-server is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.166.54","1.166.57"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/start-client-core","href":"/ti/packages/npm/@tanstack/start-client-core","description":"@tanstack/start-client-core is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.168.5","1.168.8"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/start-fn-stubs","href":"/ti/packages/npm/@tanstack/start-fn-stubs","description":"@tanstack/start-fn-stubs is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.161.9","1.161.12"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/start-plugin-core","href":"/ti/packages/npm/@tanstack/start-plugin-core","description":"@tanstack/start-plugin-core is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.169.23","1.169.26"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/start-server-core","href":"/ti/packages/npm/@tanstack/start-server-core","description":"@tanstack/start-server-core is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.167.33","1.167.36"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/start-static-server-functions","href":"/ti/packages/npm/@tanstack/start-static-server-functions","description":"@tanstack/start-static-server-functions is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.166.44","1.166.47"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/start-storage-context","href":"/ti/packages/npm/@tanstack/start-storage-context","description":"@tanstack/start-storage-context is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.166.38","1.166.41"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/valibot-adapter","href":"/ti/packages/npm/@tanstack/valibot-adapter","description":"@tanstack/valibot-adapter is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.166.12","1.166.15"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/virtual-file-routes","href":"/ti/packages/npm/@tanstack/virtual-file-routes","description":"@tanstack/virtual-file-routes is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.161.10","1.161.13"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/vue-router","href":"/ti/packages/npm/@tanstack/vue-router","description":"@tanstack/vue-router is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.169.5","1.169.8"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/vue-router-devtools","href":"/ti/packages/npm/@tanstack/vue-router-devtools","description":"@tanstack/vue-router-devtools is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.166.16","1.166.19"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/vue-router-ssr-query","href":"/ti/packages/npm/@tanstack/vue-router-ssr-query","description":"@tanstack/vue-router-ssr-query is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.166.15","1.166.18"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/vue-start","href":"/ti/packages/npm/@tanstack/vue-start","description":"@tanstack/vue-start is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.167.61","1.167.64"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/vue-start-client","href":"/ti/packages/npm/@tanstack/vue-start-client","description":"@tanstack/vue-start-client is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.166.46","1.166.49"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/vue-start-server","href":"/ti/packages/npm/@tanstack/vue-start-server","description":"@tanstack/vue-start-server is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.166.50","1.166.53"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/zod-adapter","href":"/ti/packages/npm/@tanstack/zod-adapter","description":"@tanstack/zod-adapter is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.166.12","1.166.15"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@taskflow-corp/cli","href":"/ti/packages/npm/@taskflow-corp/cli","description":"@taskflow-corp/cli is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.1.24","0.1.25","0.1.26","0.1.27","0.1.28","0.1.29"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tolka/cli","href":"/ti/packages/npm/@tolka/cli","description":"@tolka/cli is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.2","1.0.3","1.0.4","1.0.5","1.0.6"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/access-policy-sdk","href":"/ti/packages/npm/@uipath/access-policy-sdk","description":"@uipath/access-policy-sdk is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/access-policy-tool","href":"/ti/packages/npm/@uipath/access-policy-tool","description":"@uipath/access-policy-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/admin-tool","href":"/ti/packages/npm/@uipath/admin-tool","description":"@uipath/admin-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.1.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/agent-sdk","href":"/ti/packages/npm/@uipath/agent-sdk","description":"@uipath/agent-sdk is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/agent-tool","href":"/ti/packages/npm/@uipath/agent-tool","description":"@uipath/agent-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/agent.sdk","href":"/ti/packages/npm/@uipath/agent.sdk","description":"@uipath/agent.sdk is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.0.18"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/aops-policy-tool","href":"/ti/packages/npm/@uipath/aops-policy-tool","description":"@uipath/aops-policy-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/ap-chat","href":"/ti/packages/npm/@uipath/ap-chat","description":"@uipath/ap-chat is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.5.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/api-workflow-tool","href":"/ti/packages/npm/@uipath/api-workflow-tool","description":"@uipath/api-workflow-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/apollo-core","href":"/ti/packages/npm/@uipath/apollo-core","description":"@uipath/apollo-core is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["5.9.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/apollo-react","href":"/ti/packages/npm/@uipath/apollo-react","description":"@uipath/apollo-react is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["4.24.5"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/apollo-wind","href":"/ti/packages/npm/@uipath/apollo-wind","description":"@uipath/apollo-wind is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["2.16.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/auth","href":"/ti/packages/npm/@uipath/auth","description":"@uipath/auth is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/case-tool","href":"/ti/packages/npm/@uipath/case-tool","description":"@uipath/case-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/cli","href":"/ti/packages/npm/@uipath/cli","description":"@uipath/cli is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/codedagent-tool","href":"/ti/packages/npm/@uipath/codedagent-tool","description":"@uipath/codedagent-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/codedagents-tool","href":"/ti/packages/npm/@uipath/codedagents-tool","description":"@uipath/codedagents-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.1.12"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/codedapp-tool","href":"/ti/packages/npm/@uipath/codedapp-tool","description":"@uipath/codedapp-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/common","href":"/ti/packages/npm/@uipath/common","description":"@uipath/common is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/context-grounding-tool","href":"/ti/packages/npm/@uipath/context-grounding-tool","description":"@uipath/context-grounding-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.1.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/data-fabric-tool","href":"/ti/packages/npm/@uipath/data-fabric-tool","description":"@uipath/data-fabric-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/docsai-tool","href":"/ti/packages/npm/@uipath/docsai-tool","description":"@uipath/docsai-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/filesystem","href":"/ti/packages/npm/@uipath/filesystem","description":"@uipath/filesystem is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/flow-tool","href":"/ti/packages/npm/@uipath/flow-tool","description":"@uipath/flow-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/functions-tool","href":"/ti/packages/npm/@uipath/functions-tool","description":"@uipath/functions-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/gov-tool","href":"/ti/packages/npm/@uipath/gov-tool","description":"@uipath/gov-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/identity-tool","href":"/ti/packages/npm/@uipath/identity-tool","description":"@uipath/identity-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.1.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/insights-sdk","href":"/ti/packages/npm/@uipath/insights-sdk","description":"@uipath/insights-sdk is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/insights-tool","href":"/ti/packages/npm/@uipath/insights-tool","description":"@uipath/insights-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/integrationservice-sdk","href":"/ti/packages/npm/@uipath/integrationservice-sdk","description":"@uipath/integrationservice-sdk is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/integrationservice-tool","href":"/ti/packages/npm/@uipath/integrationservice-tool","description":"@uipath/integrationservice-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/llmgw-tool","href":"/ti/packages/npm/@uipath/llmgw-tool","description":"@uipath/llmgw-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/maestro-sdk","href":"/ti/packages/npm/@uipath/maestro-sdk","description":"@uipath/maestro-sdk is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/maestro-tool","href":"/ti/packages/npm/@uipath/maestro-tool","description":"@uipath/maestro-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/orchestrator-tool","href":"/ti/packages/npm/@uipath/orchestrator-tool","description":"@uipath/orchestrator-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/packager-tool-apiworkflow","href":"/ti/packages/npm/@uipath/packager-tool-apiworkflow","description":"@uipath/packager-tool-apiworkflow is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.0.19"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/packager-tool-bpmn","href":"/ti/packages/npm/@uipath/packager-tool-bpmn","description":"@uipath/packager-tool-bpmn is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.0.9"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/packager-tool-case","href":"/ti/packages/npm/@uipath/packager-tool-case","description":"@uipath/packager-tool-case is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.0.9"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/packager-tool-connector","href":"/ti/packages/npm/@uipath/packager-tool-connector","description":"@uipath/packager-tool-connector is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.0.19"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/packager-tool-flow","href":"/ti/packages/npm/@uipath/packager-tool-flow","description":"@uipath/packager-tool-flow is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.0.19"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/packager-tool-functions","href":"/ti/packages/npm/@uipath/packager-tool-functions","description":"@uipath/packager-tool-functions is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.1.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/packager-tool-webapp","href":"/ti/packages/npm/@uipath/packager-tool-webapp","description":"@uipath/packager-tool-webapp is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.6"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/packager-tool-workflowcompiler","href":"/ti/packages/npm/@uipath/packager-tool-workflowcompiler","description":"@uipath/packager-tool-workflowcompiler is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.0.16"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/packager-tool-workflowcompiler-browser","href":"/ti/packages/npm/@uipath/packager-tool-workflowcompiler-browser","description":"@uipath/packager-tool-workflowcompiler-browser is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.0.34"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/platform-tool","href":"/ti/packages/npm/@uipath/platform-tool","description":"@uipath/platform-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/project-packager","href":"/ti/packages/npm/@uipath/project-packager","description":"@uipath/project-packager is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.1.16"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/resource-tool","href":"/ti/packages/npm/@uipath/resource-tool","description":"@uipath/resource-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/resourcecatalog-tool","href":"/ti/packages/npm/@uipath/resourcecatalog-tool","description":"@uipath/resourcecatalog-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.1.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/resources-tool","href":"/ti/packages/npm/@uipath/resources-tool","description":"@uipath/resources-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.1.11"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/robot","href":"/ti/packages/npm/@uipath/robot","description":"@uipath/robot is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.3.4"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/rpa-legacy-tool","href":"/ti/packages/npm/@uipath/rpa-legacy-tool","description":"@uipath/rpa-legacy-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/rpa-tool","href":"/ti/packages/npm/@uipath/rpa-tool","description":"@uipath/rpa-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.9.5"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/solution-packager","href":"/ti/packages/npm/@uipath/solution-packager","description":"@uipath/solution-packager is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.0.35"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/solution-tool","href":"/ti/packages/npm/@uipath/solution-tool","description":"@uipath/solution-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/solutionpackager-sdk","href":"/ti/packages/npm/@uipath/solutionpackager-sdk","description":"@uipath/solutionpackager-sdk is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.11"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/solutionpackager-tool-core","href":"/ti/packages/npm/@uipath/solutionpackager-tool-core","description":"@uipath/solutionpackager-tool-core is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.0.34"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/tasks-tool","href":"/ti/packages/npm/@uipath/tasks-tool","description":"@uipath/tasks-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/telemetry","href":"/ti/packages/npm/@uipath/telemetry","description":"@uipath/telemetry is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.0.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/test-manager-tool","href":"/ti/packages/npm/@uipath/test-manager-tool","description":"@uipath/test-manager-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/tool-workflowcompiler","href":"/ti/packages/npm/@uipath/tool-workflowcompiler","description":"@uipath/tool-workflowcompiler is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.0.12"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/traces-tool","href":"/ti/packages/npm/@uipath/traces-tool","description":"@uipath/traces-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/ui-widgets-multi-file-upload","href":"/ti/packages/npm/@uipath/ui-widgets-multi-file-upload","description":"@uipath/ui-widgets-multi-file-upload is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/uipath-python-bridge","href":"/ti/packages/npm/@uipath/uipath-python-bridge","description":"@uipath/uipath-python-bridge is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/vertical-solutions-tool","href":"/ti/packages/npm/@uipath/vertical-solutions-tool","description":"@uipath/vertical-solutions-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/vss","href":"/ti/packages/npm/@uipath/vss","description":"@uipath/vss is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.1.6"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/widget.sdk","href":"/ti/packages/npm/@uipath/widget.sdk","description":"@uipath/widget.sdk is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.2.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"agentwork-cli","href":"/ti/packages/npm/agentwork-cli","description":"agentwork-cli is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.1.4","0.1.5"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"cmux-agent-mcp","href":"/ti/packages/npm/cmux-agent-mcp","description":"cmux-agent-mcp is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.1.3","0.1.4","0.1.5","0.1.6","0.1.7","0.1.8"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"cross-stitch","href":"/ti/packages/npm/cross-stitch","description":"cross-stitch is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.1.3","1.1.4","1.1.5","1.1.6","1.1.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"git-branch-selector","href":"/ti/packages/npm/git-branch-selector","description":"git-branch-selector is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.3.3","1.3.4","1.3.5","1.3.6","1.3.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"git-git-git","href":"/ti/packages/npm/git-git-git","description":"git-git-git is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.8","1.0.9","1.0.10","1.0.11","1.0.12"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"ml-toolkit-ts","href":"/ti/packages/npm/ml-toolkit-ts","description":"ml-toolkit-ts is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.4","1.0.5"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"nextmove-mcp","href":"/ti/packages/npm/nextmove-mcp","description":"nextmove-mcp is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.1.3","0.1.4","0.1.5","0.1.6","0.1.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"safe-action","href":"/ti/packages/npm/safe-action","description":"safe-action is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.8.3","0.8.4"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"ts-dna","href":"/ti/packages/npm/ts-dna","description":"ts-dna is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["3.0.1","3.0.2","3.0.3","3.0.4","3.0.5"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"wot-api","href":"/ti/packages/npm/wot-api","description":"wot-api is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.8.1","0.8.2","0.8.3","0.8.4"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"pypi","name":"guardrails-ai","href":"/ti/packages/pypi/guardrails-ai","description":"guardrails-ai is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.10.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"pypi","name":"mistralai","href":"/ti/packages/pypi/mistralai","description":"mistralai is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["2.4.6"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"noon-contracts","href":"/ti/packages/npm/noon-contracts","description":"noon-contracts is identified in the SafeDep analysis \"noon-contracts npm Package: DeFi Supply Chain RAT\". noon-contracts poses as a Noon Protocol SDK on npm. On install it exfiltrates SSH keys, crypto wallet private keys, AWS credentials (including live STS/S3/SecretsManager calls), Kubernetes secrets, .env files, shell history, and browser wallet paths to C2 at 82.221.101.203:8443. A full eval-based remote shell polls every 45 seconds. Triple persistence via crontab, macOS LaunchAgent, Linux systemd, and shell RC injection.","threat_types":["credential_stealer","data_exfiltration","rat","persistence","c2_agent","crypto_drainer"],"versions":["1.0.0"],"campaigns":["No Specific Campaign"],"discovered_at":"2026-05-10"},{"ecosystem":"npm","name":"martinez-polygon-clipping-tony","href":"/ti/packages/npm/martinez-polygon-clipping-tony","description":"martinez-polygon-clipping-tony is identified in the SafeDep analysis \"martinez-polygon-clipping-tony: Trojanized npm Fork Drops Telegram RAT\". martinez-polygon-clipping-tony is a trojanized fork of the legitimate martinez-polygon-clipping npm package. The postinstall hook downloads a PyInstaller-packed Telegram bot from 172.86.73.132 that provides full remote shell, screenshot capture, file upload/download, and self-destruct capabilities on Windows targets.","threat_types":["rat","persistence"],"versions":["1.0.0"],"campaigns":["No Specific Campaign"],"discovered_at":"2026-05-07"},{"ecosystem":"npm","name":"common-tg-service","href":"/ti/packages/npm/common-tg-service","description":"Telegram account-takeover framework disguised as a NestJS Telegram service utility. All 502 published versions (1.0.1 through 1.3.207) are malicious. Sets a hardcoded 2FA password on managed accounts, polls operator IMAP for the confirmation code, evicts other authorized devices, and forwards OTP login codes from chat 777000 to operator-controlled Telegram bot channels. Pulls runtime config from npoint.io with committed plaintext credentials.","threat_types":["credential_stealer","data_exfiltration","c2_agent"],"versions":["1.3.207","1.0.1"],"campaigns":["shetty123 Telegram Hijack"],"discovered_at":"2026-05-03"},{"ecosystem":"npm","name":"ams-ssk","href":"/ti/packages/npm/ams-ssk","description":"Server-side runtime for the shetty123 Telegram-hijack operation, marketed as a NestJS file-management library. Defines the same folders/:folder/files/download-all API surface that common-tg-service consumes from cms.paidgirl.site. No direct local-execution payload against the installer; campaign-associated operator infrastructure published on npm under the same publisher.","threat_types":["c2_agent"],"versions":["1.0.33","1.0.0"],"campaigns":["shetty123 Telegram Hijack"],"discovered_at":"2026-05-03"},{"ecosystem":"npm","name":"node-env-resolve","href":"/ti/packages/npm/node-env-resolve","description":"node-env-resolve is identified in the SafeDep analysis \"node-env-resolve: npm Package Installs a Full RAT\". node-env-resolve is a malicious npm package that installs a full-featured remote access trojan on developer machines. The RAT streams screens, captures audio, steals browser history, and gives full mouse and keyboard control to a remote operator. The toolkit matches the OtterCookie RAT family linked to North Korea's Contagious Interview campaign.","threat_types":["credential_stealer","data_exfiltration","rat","persistence"],"versions":["1.0.3"],"campaigns":["tanvisoul9 npm Backdoors"],"discovered_at":"2026-05-03"},{"ecosystem":"npm","name":"exiouss","href":"/ti/packages/npm/exiouss","description":"exiouss is identified in the SafeDep analysis \"exiouss: Cookie Stealer Bundled in npm Exam Cheat\". exiouss on npm is the latest package from the loltestpad campaign — the same attacker who published the ixpresso-core Windows RAT in April. It bundles a dormant ChatGPT cookie stealer alongside an AI exam cheating tool, targeting students who willingly run it.","threat_types":["credential_stealer","data_exfiltration","rat","persistence"],"versions":["1.0.0"],"campaigns":["fucktestpad npm Malware"],"discovered_at":"2026-05-01"},{"ecosystem":"pypi","name":"pytorch-lightning","href":"/ti/packages/pypi/pytorch-lightning","description":"pytorch-lightning is identified in the SafeDep analysis \"PyTorch Lightning Compromised: Shai-Hulud Worm Reaches PyPI\". PyPI yanked PyTorch Lightning versions 2.6.2 and 2.6.3 after both embedded a two-stage credential-stealing payload. Any import of the library spawns an 11MB obfuscated JavaScript worm identical to the Shai-Hulud payload seen in the April 29 SAP npm campaign.","threat_types":["credential_stealer","data_exfiltration","worm"],"versions":["2.5.3"],"campaigns":["Shai-Hulud"],"discovered_at":"2026-04-30"},{"ecosystem":"npm","name":"@cap-js/sqlite","href":"/ti/packages/npm/@cap-js/sqlite","description":"@cap-js/sqlite is identified in the SafeDep analysis \"Mini Shai Hulud and SAP Compromise\". Four SAP npm packages published on April 29, 2026 contain a two-stage credential-stealing payload targeting GitHub tokens, AWS keys, and CI/CD pipelines. The packages share SAP-affiliated maintainers, pointing to a publisher account compromise.","threat_types":["credential_stealer","data_exfiltration","worm"],"versions":["2.2.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-04-29"},{"ecosystem":"npm","name":"@cap-js/postgres","href":"/ti/packages/npm/@cap-js/postgres","description":"@cap-js/postgres is identified in the SafeDep analysis \"Mini Shai Hulud and SAP Compromise\". Four SAP npm packages published on April 29, 2026 contain a two-stage credential-stealing payload targeting GitHub tokens, AWS keys, and CI/CD pipelines. The packages share SAP-affiliated maintainers, pointing to a publisher account compromise.","threat_types":["credential_stealer","data_exfiltration","worm"],"versions":["2.2.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-04-29"},{"ecosystem":"npm","name":"@cap-js/db-service","href":"/ti/packages/npm/@cap-js/db-service","description":"@cap-js/db-service is identified in the SafeDep analysis \"Mini Shai Hulud and SAP Compromise\". Four SAP npm packages published on April 29, 2026 contain a two-stage credential-stealing payload targeting GitHub tokens, AWS keys, and CI/CD pipelines. The packages share SAP-affiliated maintainers, pointing to a publisher account compromise.","threat_types":["credential_stealer","data_exfiltration","worm"],"versions":["2.10.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-04-29"},{"ecosystem":"npm","name":"mbt","href":"/ti/packages/npm/mbt","description":"mbt is identified in the SafeDep analysis \"Mini Shai Hulud and SAP Compromise\". Four SAP npm packages published on April 29, 2026 contain a two-stage credential-stealing payload targeting GitHub tokens, AWS keys, and CI/CD pipelines. The packages share SAP-affiliated maintainers, pointing to a publisher account compromise.","threat_types":["credential_stealer","data_exfiltration","worm"],"versions":["1.2.48"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-04-29"},{"ecosystem":"npm","name":"npm-global-util","href":"/ti/packages/npm/npm-global-util","description":"npm-global-util is identified in the SafeDep analysis \"npm-global-util: Credential Theft and Supply Chain Attack\". npm-global-util is a malicious npm package by maintainer raya4321 that exfiltrates credentials and system recon data via a preinstall hook. Part of a 16-package campaign targeting Apple developer CI/CD environments, with a second-stage that attempts to poison apple-app-store-server-library.","threat_types":["credential_stealer","data_exfiltration","rat","persistence"],"versions":["1.0.0"],"campaigns":["No Specific Campaign"],"discovered_at":"2026-04-29"},{"ecosystem":"npm","name":"redeem-onchain-sdk","href":"/ti/packages/npm/redeem-onchain-sdk","description":"redeem-onchain-sdk is identified in the SafeDep analysis \"Malicious redeem-onchain-sdk npm Targets Crypto Wallets\". >-","threat_types":["crypto_drainer"],"versions":["1.0.0"],"campaigns":["Crypto Wallet Drainers"],"discovered_at":"2026-04-29"},{"ecosystem":"npm","name":"@bitwarden/cli","href":"/ti/packages/npm/@bitwarden/cli","description":"@bitwarden/cli is identified in the SafeDep analysis \"Bitwarden CLI Supply Chain Compromise\". >-","threat_types":["other"],"versions":["2026.4.1"],"campaigns":["TeamPCP"],"discovered_at":"2026-04-24"},{"ecosystem":"npm","name":"ixpresso-core","href":"/ti/packages/npm/ixpresso-core","description":"ixpresso-core is identified in the SafeDep analysis \"ixpresso-core: Windows RAT Disguised as a WhatsApp Agent\". ixpresso-core poses as an AI WhatsApp agent on npm but installs Veltrix, a Windows RAT that steals browser credentials, Discord tokens, and keystrokes via a hardcoded Discord webhook.","threat_types":["rat","credential_stealer","crypto_drainer","data_exfiltration","persistence","c2_agent"],"versions":["1.0.0","1.0.1","1.0.2"],"campaigns":["fucktestpad npm Malware"],"discovered_at":"2026-04-16"},{"ecosystem":"npm","name":"godsplan","href":"/ti/packages/npm/godsplan","description":"godsplan is identified in the SafeDep analysis \"ixpresso-core: Windows RAT Disguised as a WhatsApp Agent\". ixpresso-core poses as an AI WhatsApp agent on npm but installs Veltrix, a Windows RAT that steals browser credentials, Discord tokens, and keystrokes via a hardcoded Discord webhook.","threat_types":["rat","credential_stealer","data_exfiltration","persistence","c2_agent"],"versions":["1.0.2","1.0.3","1.0.4","1.0.5","1.0.6","1.0.7","1.0.8"],"campaigns":["fucktestpad npm Malware"],"discovered_at":"2026-04-16"},{"ecosystem":"npm","name":"eyevox","href":"/ti/packages/npm/eyevox","description":"eyevox is identified in the SafeDep analysis \"ixpresso-core: Windows RAT Disguised as a WhatsApp Agent\". ixpresso-core poses as an AI WhatsApp agent on npm but installs Veltrix, a Windows RAT that steals browser credentials, Discord tokens, and keystrokes via a hardcoded Discord webhook.","threat_types":["rat","credential_stealer","data_exfiltration","persistence","c2_agent"],"versions":["2.1.4","2.1.5","2.1.6","2.1.7","2.1.8","2.1.9","2.1.10","2.1.11"],"campaigns":["fucktestpad npm Malware"],"discovered_at":"2026-04-16"},{"ecosystem":"npm","name":"forge-jsx","href":"/ti/packages/npm/forge-jsx","description":"forge-jsx is identified in the SafeDep analysis \"forge-jsx npm Package: Purpose-Built Multi-Platform RAT\". forge-jsx poses as an Autodesk Forge SDK on npm. On install it deploys a system-wide keylogger, recursive .env file scanner, shell history exfiltrator, and a WebSocket-based remote filesystem backdoor to C2 at 204.10.194.247, with persistence via systemd, LaunchAgent, and Task Scheduler.","threat_types":["rat","credential_stealer","data_exfiltration","persistence","c2_agent"],"versions":["1.0.0","1.0.1","1.0.2","1.0.3","1.0.4","1.0.5","1.0.6","1.0.7","1.0.8","1.0.9","1.0.10","1.0.11","1.0.12","1.0.13","1.0.14","1.0.15","1.0.16","1.0.17","1.0.18","1.0.19","1.0.20","1.0.21","1.0.22","1.0.23","1.0.24","1.0.25","1.0.26","1.0.27","1.0.28","1.0.29","1.0.30","1.0.31","1.0.32","1.0.33","1.0.34","1.0.35","1.0.36","1.0.37","1.0.38","1.0.39","1.0.40","1.0.41","1.0.42","1.0.43","1.0.44","1.0.45","1.0.46","1.0.47","1.0.48","1.0.49","1.0.50","1.0.51","1.0.52","1.0.53","1.0.54","1.0.55","1.0.56","1.0.57","1.0.58","1.0.59","1.0.60","1.0.61","1.0.62","1.0.63","1.0.64","1.0.65","1.0.66"],"campaigns":["forge-jsx RAT"],"discovered_at":"2026-04-15"},{"ecosystem":"npm","name":"@johntaohunter/forge-jsx","href":"/ti/packages/npm/@johntaohunter/forge-jsx","description":"@johntaohunter/forge-jsx is identified in the SafeDep analysis \"forge-jsx npm Package: Purpose-Built Multi-Platform RAT\". forge-jsx poses as an Autodesk Forge SDK on npm. On install it deploys a system-wide keylogger, recursive .env file scanner, shell history exfiltrator, and a WebSocket-based remote filesystem backdoor to C2 at 204.10.194.247, with persistence via systemd, LaunchAgent, and Task Scheduler.","threat_types":["rat","credential_stealer","data_exfiltration","persistence","c2_agent"],"versions":["1.0.4"],"campaigns":["forge-jsx RAT"],"discovered_at":"2026-04-15"},{"ecosystem":"npm","name":"js-logger-pack","href":"/ti/packages/npm/js-logger-pack","description":"js-logger-pack is identified in the SafeDep analysis \"Malicious npm Package js-logger-pack Ships a Multi-Platform WebSocket Stealer\". js-logger-pack spent three weeks on npm evolving from a probe into a full infostealer and then a binary dropper. Early versions installed an SSH backdoor, hijacked Telegram sessions, drained 27 crypto wallets, and deployed a cross-platform keylogger. After disclosure on April 15, the attacker pivoted to a HuggingFace-hosted binary dropper named MicrosoftSystem64, now at v1.1.26 with 29 total releases.","threat_types":["credential_stealer","crypto_drainer","data_exfiltration","persistence","c2_agent"],"versions":["0.0.1","1.0.0","1.1.0","1.1.2","1.1.4","1.1.5","1.1.6","1.1.7","1.1.8","1.1.9","1.1.10","1.1.14","1.1.17","1.1.18","1.1.19","1.1.20","1.1.21","1.1.22","1.1.23","1.1.24","1.1.25","1.1.26"],"campaigns":["No Specific Campaign"],"discovered_at":"2026-04-15"},{"ecosystem":"npm","name":"dom-utils-lite","href":"/ti/packages/npm/dom-utils-lite","description":"dom-utils-lite is identified in the SafeDep analysis \"Malicious dom-utils-lite npm SSH Backdoor via Supabase\". dom-utils-lite and centralogger on npm inject attacker SSH keys into ~/.ssh/authorized_keys and exfiltrate server metadata to Supabase-hosted C2 infrastructure, granting persistent remote access.","threat_types":["persistence","data_exfiltration","c2_agent"],"versions":["1.0.0"],"campaigns":["tanvisoul9 npm Backdoors"],"discovered_at":"2026-04-14"},{"ecosystem":"npm","name":"centralogger","href":"/ti/packages/npm/centralogger","description":"centralogger is identified in the SafeDep analysis \"Malicious dom-utils-lite npm SSH Backdoor via Supabase\". dom-utils-lite and centralogger on npm inject attacker SSH keys into ~/.ssh/authorized_keys and exfiltrate server metadata to Supabase-hosted C2 infrastructure, granting persistent remote access.","threat_types":["persistence","data_exfiltration","c2_agent"],"versions":["1.0.5","1.0.6","1.0.7","1.0.8","1.0.9"],"campaigns":["tanvisoul9 npm Backdoors"],"discovered_at":"2026-04-14"},{"ecosystem":"npm","name":"@genoma-ui/components","href":"/ti/packages/npm/@genoma-ui/components","description":"@genoma-ui/components is identified in the SafeDep analysis \"Malicious npm Dependency Confusion Campaign Targets Genoma UI and Others\". A dependency confusion campaign by npm user victim59 targets at least three organizations through scoped packages @genoma-ui/components, @needl-ai/common, and rrweb-v1. The packages use install hooks to beacon system reconnaissance data to a DigitalOcean C2 server.","threat_types":["c2_agent","dependency_confusion"],"versions":["999.9.9"],"campaigns":["Enterprise Dependency Confusion"],"discovered_at":"2026-04-10"},{"ecosystem":"npm","name":"rrweb-v1","href":"/ti/packages/npm/rrweb-v1","description":"rrweb-v1 is identified in the SafeDep analysis \"Malicious npm Dependency Confusion Campaign Targets Genoma UI and Others\". A dependency confusion campaign by npm user victim59 targets at least three organizations through scoped packages @genoma-ui/components, @needl-ai/common, and rrweb-v1. The packages use install hooks to beacon system reconnaissance data to a DigitalOcean C2 server.","threat_types":["c2_agent","dependency_confusion"],"versions":["999.9.9"],"campaigns":["Enterprise Dependency Confusion"],"discovered_at":"2026-04-10"},{"ecosystem":"npm","name":"@needl-ai/common","href":"/ti/packages/npm/@needl-ai/common","description":"@needl-ai/common is identified in the SafeDep analysis \"Malicious npm Dependency Confusion Campaign Targets Genoma UI and Others\". A dependency confusion campaign by npm user victim59 targets at least three organizations through scoped packages @genoma-ui/components, @needl-ai/common, and rrweb-v1. The packages use install hooks to beacon system reconnaissance data to a DigitalOcean C2 server.","threat_types":["c2_agent","dependency_confusion"],"versions":["999.9.9"],"campaigns":["Enterprise Dependency Confusion"],"discovered_at":"2026-04-10"},{"ecosystem":"npm","name":"sjs-biginteger","href":"/ti/packages/npm/sjs-biginteger","description":"sjs-biginteger is identified in the SafeDep analysis \"big.js Typosquat Campaign Implants SSH Backdoors\". Three waves of big.js typosquats (sjs-biginteger, bjs-biginteger, cjs-biginteger) from throwaway npm accounts implant SSH backdoors and exfiltrate credentials to Cloudflare-disguised C2 infrastructure.","threat_types":["credential_stealer","data_exfiltration","rat","persistence","c2_agent","typosquat"],"versions":["1.0.0"],"campaigns":["big.js Typosquat SSH Backdoor"],"discovered_at":"2026-04-09"},{"ecosystem":"npm","name":"sjs-lint-build1","href":"/ti/packages/npm/sjs-lint-build1","description":"sjs-lint-build1 is identified in the SafeDep analysis \"big.js Typosquat Campaign Implants SSH Backdoors\". Three waves of big.js typosquats (sjs-biginteger, bjs-biginteger, cjs-biginteger) from throwaway npm accounts implant SSH backdoors and exfiltrate credentials to Cloudflare-disguised C2 infrastructure.","threat_types":["credential_stealer","data_exfiltration","rat","persistence","c2_agent","typosquat"],"versions":["1.0.0"],"campaigns":["big.js Typosquat SSH Backdoor"],"discovered_at":"2026-04-09"},{"ecosystem":"npm","name":"bjs-biginteger","href":"/ti/packages/npm/bjs-biginteger","description":"bjs-biginteger is identified in the SafeDep analysis \"big.js Typosquat Campaign Implants SSH Backdoors\". Three waves of big.js typosquats (sjs-biginteger, bjs-biginteger, cjs-biginteger) from throwaway npm accounts implant SSH backdoors and exfiltrate credentials to Cloudflare-disguised C2 infrastructure.","threat_types":["credential_stealer","data_exfiltration","rat","persistence","c2_agent","typosquat"],"versions":["1.0.0"],"campaigns":["big.js Typosquat SSH Backdoor"],"discovered_at":"2026-04-09"},{"ecosystem":"npm","name":"bjs-lint-builder","href":"/ti/packages/npm/bjs-lint-builder","description":"bjs-lint-builder is identified in the SafeDep analysis \"big.js Typosquat Campaign Implants SSH Backdoors\". Three waves of big.js typosquats (sjs-biginteger, bjs-biginteger, cjs-biginteger) from throwaway npm accounts implant SSH backdoors and exfiltrate credentials to Cloudflare-disguised C2 infrastructure.","threat_types":["credential_stealer","data_exfiltration","rat","persistence","c2_agent","typosquat"],"versions":["1.0.0"],"campaigns":["big.js Typosquat SSH Backdoor"],"discovered_at":"2026-04-09"},{"ecosystem":"npm","name":"bjs-lint-builders","href":"/ti/packages/npm/bjs-lint-builders","description":"bjs-lint-builders is identified in the SafeDep analysis \"big.js Typosquat Campaign Implants SSH Backdoors\". Three waves of big.js typosquats (sjs-biginteger, bjs-biginteger, cjs-biginteger) from throwaway npm accounts implant SSH backdoors and exfiltrate credentials to Cloudflare-disguised C2 infrastructure.","threat_types":["credential_stealer","data_exfiltration","rat","persistence","c2_agent","typosquat"],"versions":["1.0.0"],"campaigns":["big.js Typosquat SSH Backdoor"],"discovered_at":"2026-04-09"},{"ecosystem":"npm","name":"cjs-biginteger","href":"/ti/packages/npm/cjs-biginteger","description":"cjs-biginteger is identified in the SafeDep analysis \"big.js Typosquat Campaign Implants SSH Backdoors\". Three waves of big.js typosquats (sjs-biginteger, bjs-biginteger, cjs-biginteger) from throwaway npm accounts implant SSH backdoors and exfiltrate credentials to Cloudflare-disguised C2 infrastructure.","threat_types":["credential_stealer","data_exfiltration","rat","persistence","c2_agent","typosquat"],"versions":["1.0.0"],"campaigns":["big.js Typosquat SSH Backdoor"],"discovered_at":"2026-04-09"},{"ecosystem":"npm","name":"ts-lint-builds","href":"/ti/packages/npm/ts-lint-builds","description":"ts-lint-builds is identified in the SafeDep analysis \"big.js Typosquat Campaign Implants SSH Backdoors\". Three waves of big.js typosquats (sjs-biginteger, bjs-biginteger, cjs-biginteger) from throwaway npm accounts implant SSH backdoors and exfiltrate credentials to Cloudflare-disguised C2 infrastructure.","threat_types":["credential_stealer","data_exfiltration","rat","persistence","c2_agent","typosquat"],"versions":["1.0.0"],"campaigns":["big.js Typosquat SSH Backdoor"],"discovered_at":"2026-04-09"},{"ecosystem":"npm","name":"@fairwords/websocket","href":"/ti/packages/npm/@fairwords/websocket","description":"@fairwords/websocket is identified in the SafeDep analysis \"@fairwords npm Packages Hit by Credential Worm\". Three @fairwords npm packages were compromised with a self-propagating worm that harvests credentials, crypto wallets, Chrome passwords, and spreads to other packages using stolen npm tokens.","threat_types":["credential_stealer","crypto_drainer","data_exfiltration","worm"],"versions":["1.0.38","1.0.39"],"campaigns":["fairwords Credential Worm"],"discovered_at":"2026-04-08"},{"ecosystem":"npm","name":"@fairwords/loopback-connector-es","href":"/ti/packages/npm/@fairwords/loopback-connector-es","description":"@fairwords/loopback-connector-es is identified in the SafeDep analysis \"@fairwords npm Packages Hit by Credential Worm\". Three @fairwords npm packages were compromised with a self-propagating worm that harvests credentials, crypto wallets, Chrome passwords, and spreads to other packages using stolen npm tokens.","threat_types":["credential_stealer","crypto_drainer","data_exfiltration","worm"],"versions":["1.4.3","1.4.4"],"campaigns":["fairwords Credential Worm"],"discovered_at":"2026-04-08"},{"ecosystem":"npm","name":"@fairwords/encryption","href":"/ti/packages/npm/@fairwords/encryption","description":"@fairwords/encryption is identified in the SafeDep analysis \"@fairwords npm Packages Hit by Credential Worm\". Three @fairwords npm packages were compromised with a self-propagating worm that harvests credentials, crypto wallets, Chrome passwords, and spreads to other packages using stolen npm tokens.","threat_types":["credential_stealer","crypto_drainer","data_exfiltration","worm"],"versions":["0.0.5","0.0.6"],"campaigns":["fairwords Credential Worm"],"discovered_at":"2026-04-08"},{"ecosystem":"npm","name":"@velora-dex/sdk","href":"/ti/packages/npm/@velora-dex/sdk","description":"@velora-dex/sdk is identified in the SafeDep analysis \"Malicious @velora-dex/sdk Delivers Go RAT via npm\". Version 9.4.1 of @velora-dex/sdk, a DeFi SDK with ~2,000 weekly downloads, was compromised to deliver a Go-based remote access trojan (minirat) targeting macOS developers.","threat_types":["rat","persistence","crypto_drainer"],"versions":["1.0.0"],"campaigns":["No Specific Campaign"],"discovered_at":"2026-04-08"},{"ecosystem":"pypi","name":"hermes-px","href":"/ti/packages/pypi/hermes-px","description":"hermes-px is identified in the SafeDep analysis \"Malicious hermes-px on PyPI Steals AI Conversations\". >-","threat_types":["credential_stealer","data_exfiltration"],"versions":["0.1.0"],"campaigns":["No Specific Campaign"],"discovered_at":"2026-04-06"},{"ecosystem":"npm","name":"mgc","href":"/ti/packages/npm/mgc","description":"mgc is identified in the SafeDep analysis \"Compromised npm Package mgc Deploys Multi-Platform RAT\". The npm package mgc was compromised via account takeover, with four malicious versions published in rapid succession deploying a full Remote Access Trojan targeting macOS, Windows, and Linux.","threat_types":["rat","credential_stealer","data_exfiltration","persistence","c2_agent"],"versions":["1.2.1","1.2.2","1.2.3","1.2.4"],"campaigns":["No Specific Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-cron","href":"/ti/packages/npm/strapi-plugin-cron","description":"strapi-plugin-cron is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-config","href":"/ti/packages/npm/strapi-plugin-config","description":"strapi-plugin-config is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-server","href":"/ti/packages/npm/strapi-plugin-server","description":"strapi-plugin-server is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-database","href":"/ti/packages/npm/strapi-plugin-database","description":"strapi-plugin-database is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-core","href":"/ti/packages/npm/strapi-plugin-core","description":"strapi-plugin-core is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-hooks","href":"/ti/packages/npm/strapi-plugin-hooks","description":"strapi-plugin-hooks is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-monitor","href":"/ti/packages/npm/strapi-plugin-monitor","description":"strapi-plugin-monitor is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-events","href":"/ti/packages/npm/strapi-plugin-events","description":"strapi-plugin-events is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-logger","href":"/ti/packages/npm/strapi-plugin-logger","description":"strapi-plugin-logger is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-health","href":"/ti/packages/npm/strapi-plugin-health","description":"strapi-plugin-health is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-sync","href":"/ti/packages/npm/strapi-plugin-sync","description":"strapi-plugin-sync is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-seed","href":"/ti/packages/npm/strapi-plugin-seed","description":"strapi-plugin-seed is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-locale","href":"/ti/packages/npm/strapi-plugin-locale","description":"strapi-plugin-locale is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-form","href":"/ti/packages/npm/strapi-plugin-form","description":"strapi-plugin-form is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-notify","href":"/ti/packages/npm/strapi-plugin-notify","description":"strapi-plugin-notify is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-api","href":"/ti/packages/npm/strapi-plugin-api","description":"strapi-plugin-api is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8","3.6.9"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-sitemap-gen","href":"/ti/packages/npm/strapi-plugin-sitemap-gen","description":"strapi-plugin-sitemap-gen is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-nordica-tools","href":"/ti/packages/npm/strapi-plugin-nordica-tools","description":"strapi-plugin-nordica-tools is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.10"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-nordica-sync","href":"/ti/packages/npm/strapi-plugin-nordica-sync","description":"strapi-plugin-nordica-sync is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-nordica-cms","href":"/ti/packages/npm/strapi-plugin-nordica-cms","description":"strapi-plugin-nordica-cms is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-nordica-api","href":"/ti/packages/npm/strapi-plugin-nordica-api","description":"strapi-plugin-nordica-api is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-nordica-recon","href":"/ti/packages/npm/strapi-plugin-nordica-recon","description":"strapi-plugin-nordica-recon is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-nordica-stage","href":"/ti/packages/npm/strapi-plugin-nordica-stage","description":"strapi-plugin-nordica-stage is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-nordica-vhost","href":"/ti/packages/npm/strapi-plugin-nordica-vhost","description":"strapi-plugin-nordica-vhost is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-nordica-deep","href":"/ti/packages/npm/strapi-plugin-nordica-deep","description":"strapi-plugin-nordica-deep is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-nordica-lite","href":"/ti/packages/npm/strapi-plugin-nordica-lite","description":"strapi-plugin-nordica-lite is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.11"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-nordica","href":"/ti/packages/npm/strapi-plugin-nordica","description":"strapi-plugin-nordica is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.10"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-finseven","href":"/ti/packages/npm/strapi-plugin-finseven","description":"strapi-plugin-finseven is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-hextest","href":"/ti/packages/npm/strapi-plugin-hextest","description":"strapi-plugin-hextest is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-cms-tools","href":"/ti/packages/npm/strapi-plugin-cms-tools","description":"strapi-plugin-cms-tools is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-content-sync","href":"/ti/packages/npm/strapi-plugin-content-sync","description":"strapi-plugin-content-sync is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-debug-tools","href":"/ti/packages/npm/strapi-plugin-debug-tools","description":"strapi-plugin-debug-tools is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-health-check","href":"/ti/packages/npm/strapi-plugin-health-check","description":"strapi-plugin-health-check is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-guardarian-ext","href":"/ti/packages/npm/strapi-plugin-guardarian-ext","description":"strapi-plugin-guardarian-ext is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-advanced-uuid","href":"/ti/packages/npm/strapi-plugin-advanced-uuid","description":"strapi-plugin-advanced-uuid is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-blurhash","href":"/ti/packages/npm/strapi-plugin-blurhash","description":"strapi-plugin-blurhash is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"express-session-js","href":"/ti/packages/npm/express-session-js","description":"express-session-js is identified in the SafeDep analysis \"Malicious npm Package express-session-js Drops Full RAT Payload\". A malicious npm package typosquatting express-session fetches and executes a full Remote Access Trojan from a paste service, targeting browser credentials, crypto wallets, SSH keys, and more.","threat_types":["rat","credential_stealer","crypto_drainer","data_exfiltration","c2_agent"],"versions":["1.19.0"],"campaigns":["No Specific Campaign"],"discovered_at":"2026-04-02"},{"ecosystem":"npm","name":"axios","href":"/ti/packages/npm/axios","description":"axios is identified in the SafeDep analysis \"axios Compromised: npm Supply Chain Attack via Dependency Injection\". axios 1.14.1 was published to npm via a compromised maintainer account, injecting a trojanized dependency that executes a multi-platform reverse shell on install. No source code changes in axios itself, just a new entry in package.json.","threat_types":["rat","persistence"],"versions":["1.8.2"],"campaigns":["No Specific Campaign"],"discovered_at":"2026-03-31"},{"ecosystem":"pypi","name":"telnyx","href":"/ti/packages/pypi/telnyx","description":"telnyx is identified in the SafeDep analysis \"Compromised telnyx on PyPI: WAV Steganography and Credential Theft\". >-","threat_types":["credential_stealer","data_exfiltration"],"versions":["2.0.0"],"campaigns":["TeamPCP"],"discovered_at":"2026-03-27"},{"ecosystem":"pypi","name":"litellm","href":"/ti/packages/pypi/litellm","description":"litellm is identified in the SafeDep analysis \"Malicious litellm 1.82.8: Credential Theft and Persistent Backdoor\". >-","threat_types":["credential_stealer","data_exfiltration","rat","persistence"],"versions":["1.82.8"],"campaigns":["TeamPCP"],"discovered_at":"2026-03-24"},{"ecosystem":"npm","name":"oc-aa-module-client","href":"/ti/packages/npm/oc-aa-module-client","description":"oc-aa-module-client is identified in the SafeDep analysis \"sl4x0 Dependency Confusion: 92 Packages Target Fortune 500\". A sustained dependency confusion campaign by the sl4x0 actor likely targets 20+ organizations including Adobe, Ford, Sony, and Coca-Cola with 92+ malicious npm packages exfiltrating developer data via DNS.","threat_types":["credential_stealer","data_exfiltration","rat","persistence","dependency_confusion"],"versions":["999.999.999"],"campaigns":["Enterprise Dependency Confusion"],"discovered_at":"2026-03-24"},{"ecosystem":"npm","name":"@wame/ngx-adfs","href":"/ti/packages/npm/@wame/ngx-adfs","description":"@wame/ngx-adfs is identified in the SafeDep analysis \"sl4x0 Dependency Confusion: 92 Packages Target Fortune 500\". A sustained dependency confusion campaign by the sl4x0 actor likely targets 20+ organizations including Adobe, Ford, Sony, and Coca-Cola with 92+ malicious npm packages exfiltrating developer data via DNS.","threat_types":["credential_stealer","data_exfiltration","rat","persistence","dependency_confusion"],"versions":["999.999.999"],"campaigns":["Enterprise Dependency Confusion"],"discovered_at":"2026-03-24"},{"ecosystem":"npm","name":"@the-coca-cola-company/ngps-global-common-utils","href":"/ti/packages/npm/@the-coca-cola-company/ngps-global-common-utils","description":"@the-coca-cola-company/ngps-global-common-utils is identified in the SafeDep analysis \"sl4x0 Dependency Confusion: 92 Packages Target Fortune 500\". A sustained dependency confusion campaign by the sl4x0 actor likely targets 20+ organizations including Adobe, Ford, Sony, and Coca-Cola with 92+ malicious npm packages exfiltrating developer data via DNS.","threat_types":["credential_stealer","data_exfiltration","rat","persistence","dependency_confusion"],"versions":["999.999.999"],"campaigns":["Enterprise Dependency Confusion"],"discovered_at":"2026-03-24"},{"ecosystem":"npm","name":"cr-static-shared-components","href":"/ti/packages/npm/cr-static-shared-components","description":"cr-static-shared-components is identified in the SafeDep analysis \"sl4x0 Dependency Confusion: 92 Packages Target Fortune 500\". A sustained dependency confusion campaign by the sl4x0 actor likely targets 20+ organizations including Adobe, Ford, Sony, and Coca-Cola with 92+ malicious npm packages exfiltrating developer data via DNS.","threat_types":["credential_stealer","data_exfiltration","rat","persistence","dependency_confusion"],"versions":["999.999.999"],"campaigns":["Enterprise Dependency Confusion"],"discovered_at":"2026-03-24"},{"ecosystem":"npm","name":"@ceeferenderer/fe-renderer-sdk","href":"/ti/packages/npm/@ceeferenderer/fe-renderer-sdk","description":"@ceeferenderer/fe-renderer-sdk is identified in the SafeDep analysis \"sl4x0 Dependency Confusion: 92 Packages Target Fortune 500\". A sustained dependency confusion campaign by the sl4x0 actor likely targets 20+ organizations including Adobe, Ford, Sony, and Coca-Cola with 92+ malicious npm packages exfiltrating developer data via DNS.","threat_types":["credential_stealer","data_exfiltration","rat","persistence","dependency_confusion"],"versions":["999.999.999"],"campaigns":["Enterprise Dependency Confusion"],"discovered_at":"2026-03-24"},{"ecosystem":"npm","name":"react-refresh-update","href":"/ti/packages/npm/react-refresh-update","description":"react-refresh-update is identified in the SafeDep analysis \"Malicious npm Package react-refresh-update Drops Cross-Platform Trojan on Developer Machines\". >","threat_types":["credential_stealer","data_exfiltration","typosquat"],"versions":["1.0.0","1.0.1","1.0.2","1.0.3","1.0.4","2.0.5"],"campaigns":["No Specific Campaign"],"discovered_at":"2026-03-16"},{"ecosystem":"npm","name":"pino-sdk-v2","href":"/ti/packages/npm/pino-sdk-v2","description":"pino-sdk-v2 is identified in the SafeDep analysis \"Malicious npm Package pino-sdk-v2 Exfiltrates Secrets to Discord\". >","threat_types":["credential_stealer","data_exfiltration","typosquat"],"versions":["9.9.0"],"campaigns":["No Specific Campaign"],"discovered_at":"2026-03-06"},{"ecosystem":"npm","name":"@Schedaero/shared","href":"/ti/packages/npm/@Schedaero/shared","description":"@Schedaero/shared is identified in the SafeDep analysis \"Malicious npm Packages Target Schedaero via Dependency Confusion\". A detailed analysis of a dependency confusion supply chain attack likely targeting Schedaero, a leading aviation software company. We dissect the payload, the exfiltration mechanism, and the indicators of compromise.","threat_types":["credential_stealer","data_exfiltration","rat","persistence","dependency_confusion"],"versions":["99440.540.1"],"campaigns":["Enterprise Dependency Confusion"],"discovered_at":"2026-02-25"},{"ecosystem":"npm","name":"@zapier/zapier-sdk","href":"/ti/packages/npm/@zapier/zapier-sdk","description":"@zapier/zapier-sdk is identified in the SafeDep analysis \"Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis\". Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions exploitation, and worm-like propagation affecting 25,000+ repositories. Includes IOCs, detection methods, and remediation steps.","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["0.15.5","0.15.6","0.15.7"],"campaigns":["Shai-Hulud"],"discovered_at":"2025-11-24"},{"ecosystem":"npm","name":"@asyncapi/specs","href":"/ti/packages/npm/@asyncapi/specs","description":"@asyncapi/specs is identified in the SafeDep analysis \"Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis\". Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions exploitation, and worm-like propagation affecting 25,000+ repositories. Includes IOCs, detection methods, and remediation steps.","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["6.8.2","6.9.1"],"campaigns":["Shai-Hulud"],"discovered_at":"2025-11-24"},{"ecosystem":"npm","name":"@quick-start-soft/quick-markdown-print","href":"/ti/packages/npm/@quick-start-soft/quick-markdown-print","description":"@quick-start-soft/quick-markdown-print is identified in the SafeDep analysis \"Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis\". Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions exploitation, and worm-like propagation affecting 25,000+ repositories. Includes IOCs, detection methods, and remediation steps.","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["1.4.2511142126"],"campaigns":["Shai-Hulud"],"discovered_at":"2025-11-24"},{"ecosystem":"npm","name":"@quick-start-soft/quick-markdown","href":"/ti/packages/npm/@quick-start-soft/quick-markdown","description":"@quick-start-soft/quick-markdown is identified in the SafeDep analysis \"Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis\". Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions exploitation, and worm-like propagation affecting 25,000+ repositories. Includes IOCs, detection methods, and remediation steps.","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["1.4.2511142126"],"campaigns":["Shai-Hulud"],"discovered_at":"2025-11-24"},{"ecosystem":"npm","name":"@quick-start-soft/quick-remove-image-background","href":"/ti/packages/npm/@quick-start-soft/quick-remove-image-background","description":"@quick-start-soft/quick-remove-image-background is identified in the SafeDep analysis \"Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis\". Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions exploitation, and worm-like propagation affecting 25,000+ repositories. Includes IOCs, detection methods, and remediation steps.","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["1.4.2511142126"],"campaigns":["Shai-Hulud"],"discovered_at":"2025-11-24"},{"ecosystem":"npm","name":"@quick-start-soft/quick-git-clean-markdown","href":"/ti/packages/npm/@quick-start-soft/quick-git-clean-markdown","description":"@quick-start-soft/quick-git-clean-markdown is identified in the SafeDep analysis \"Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis\". Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions exploitation, and worm-like propagation affecting 25,000+ repositories. Includes IOCs, detection methods, and remediation steps.","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["1.4.2511142126"],"campaigns":["Shai-Hulud"],"discovered_at":"2025-11-24"},{"ecosystem":"npm","name":"@quick-start-soft/quick-document-translator","href":"/ti/packages/npm/@quick-start-soft/quick-document-translator","description":"@quick-start-soft/quick-document-translator is identified in the SafeDep analysis \"Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis\". Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions exploitation, and worm-like propagation affecting 25,000+ repositories. Includes IOCs, detection methods, and remediation steps.","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["1.4.2511142126"],"campaigns":["Shai-Hulud"],"discovered_at":"2025-11-24"},{"ecosystem":"npm","name":"@quick-start-soft/quick-markdown-image","href":"/ti/packages/npm/@quick-start-soft/quick-markdown-image","description":"@quick-start-soft/quick-markdown-image is identified in the SafeDep analysis \"Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis\". Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions exploitation, and worm-like propagation affecting 25,000+ repositories. Includes IOCs, detection methods, and remediation steps.","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["1.4.2511142126"],"campaigns":["Shai-Hulud"],"discovered_at":"2025-11-24"},{"ecosystem":"npm","name":"@quick-start-soft/quick-task-refine","href":"/ti/packages/npm/@quick-start-soft/quick-task-refine","description":"@quick-start-soft/quick-task-refine is identified in the SafeDep analysis \"Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis\". Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions exploitation, and worm-like propagation affecting 25,000+ repositories. Includes IOCs, detection methods, and remediation steps.","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["1.4.2511142126"],"campaigns":["Shai-Hulud"],"discovered_at":"2025-11-24"},{"ecosystem":"npm","name":"@asyncapi/modelina","href":"/ti/packages/npm/@asyncapi/modelina","description":"@asyncapi/modelina is identified in the SafeDep analysis \"Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis\". Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions exploitation, and worm-like propagation affecting 25,000+ repositories. Includes IOCs, detection methods, and remediation steps.","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["5.10.2","5.10.3"],"campaigns":["Shai-Hulud"],"discovered_at":"2025-11-24"},{"ecosystem":"npm","name":"posthog-react-native","href":"/ti/packages/npm/posthog-react-native","description":"posthog-react-native is identified in the SafeDep analysis \"Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis\". Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions exploitation, and worm-like propagation affecting 25,000+ repositories. Includes IOCs, detection methods, and remediation steps.","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["4.12.5","4.11.1"],"campaigns":["Shai-Hulud"],"discovered_at":"2025-11-24"},{"ecosystem":"npm","name":"posthog-node","href":"/ti/packages/npm/posthog-node","description":"posthog-node is identified in the SafeDep analysis \"Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis\". Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions exploitation, and worm-like propagation affecting 25,000+ repositories. Includes IOCs, detection methods, and remediation steps.","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["5.13.3","4.18.1"],"campaigns":["Shai-Hulud"],"discovered_at":"2025-11-24"},{"ecosystem":"npm","name":"@postman/secret-scanner-wasm","href":"/ti/packages/npm/@postman/secret-scanner-wasm","description":"@postman/secret-scanner-wasm is identified in the SafeDep analysis \"Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis\". Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions exploitation, and worm-like propagation affecting 25,000+ repositories. Includes IOCs, detection methods, and remediation steps.","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["2.1.2","2.1.3"],"campaigns":["Shai-Hulud"],"discovered_at":"2025-11-24"},{"ecosystem":"npm","name":"@postman/csv-parse","href":"/ti/packages/npm/@postman/csv-parse","description":"@postman/csv-parse is identified in the SafeDep analysis \"Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis\". Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions exploitation, and worm-like propagation affecting 25,000+ repositories. Includes IOCs, detection methods, and remediation steps.","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["4.0.3","4.0.4","4.0.5"],"campaigns":["Shai-Hulud"],"discovered_at":"2025-11-24"},{"ecosystem":"npm","name":"@postman/node-keytar","href":"/ti/packages/npm/@postman/node-keytar","description":"@postman/node-keytar is identified in the SafeDep analysis \"Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis\". Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions exploitation, and worm-like propagation affecting 25,000+ repositories. Includes IOCs, detection methods, and remediation steps.","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["7.9.1","7.9.2","7.9.4","7.9.5"],"campaigns":["Shai-Hulud"],"discovered_at":"2025-11-24"},{"ecosystem":"npm","name":"@postman/tunnel-agent","href":"/ti/packages/npm/@postman/tunnel-agent","description":"@postman/tunnel-agent is identified in the SafeDep analysis \"Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis\". Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions exploitation, and worm-like propagation affecting 25,000+ repositories. Includes IOCs, detection methods, and remediation steps.","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["0.6.5","0.6.6"],"campaigns":["Shai-Hulud"],"discovered_at":"2025-11-24"},{"ecosystem":"npm","name":"@postman/wdio-allure-reporter","href":"/ti/packages/npm/@postman/wdio-allure-reporter","description":"@postman/wdio-allure-reporter is identified in the SafeDep analysis \"Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis\". Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions exploitation, and worm-like propagation affecting 25,000+ repositories. Includes IOCs, detection methods, and remediation steps.","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["0.0.7","0.0.8"],"campaigns":["Shai-Hulud"],"discovered_at":"2025-11-24"},{"ecosystem":"npm","name":"@postman/postman-mcp-cli","href":"/ti/packages/npm/@postman/postman-mcp-cli","description":"@postman/postman-mcp-cli is identified in the SafeDep analysis \"Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis\". Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions exploitation, and worm-like propagation affecting 25,000+ repositories. Includes IOCs, detection methods, and remediation steps.","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["1.0.3","1.0.4"],"campaigns":["Shai-Hulud"],"discovered_at":"2025-11-24"},{"ecosystem":"npm","name":"@postman/mcp-ui-client","href":"/ti/packages/npm/@postman/mcp-ui-client","description":"@postman/mcp-ui-client is identified in the SafeDep analysis \"Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis\". Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions exploitation, and worm-like propagation affecting 25,000+ repositories. Includes IOCs, detection methods, and remediation steps.","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["5.5.1","5.5.2"],"campaigns":["Shai-Hulud"],"discovered_at":"2025-11-24"},{"ecosystem":"npm","name":"@postman/wdio-junit-reporter","href":"/ti/packages/npm/@postman/wdio-junit-reporter","description":"@postman/wdio-junit-reporter is identified in the SafeDep analysis \"Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis\". Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions exploitation, and worm-like propagation affecting 25,000+ repositories. Includes IOCs, detection methods, and remediation steps.","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["0.0.4","0.0.5"],"campaigns":["Shai-Hulud"],"discovered_at":"2025-11-24"},{"ecosystem":"npm","name":"@postman/pm-bin-macos-arm64","href":"/ti/packages/npm/@postman/pm-bin-macos-arm64","description":"@postman/pm-bin-macos-arm64 is identified in the SafeDep analysis \"Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis\". Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions exploitation, and worm-like propagation affecting 25,000+ repositories. Includes IOCs, detection methods, and remediation steps.","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["1.24.4","1.24.5"],"campaigns":["Shai-Hulud"],"discovered_at":"2025-11-24"},{"ecosystem":"npm","name":"@postman/pm-bin-linux-x64","href":"/ti/packages/npm/@postman/pm-bin-linux-x64","description":"@postman/pm-bin-linux-x64 is identified in the SafeDep analysis \"Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis\". Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions exploitation, and worm-like propagation affecting 25,000+ repositories. Includes IOCs, detection methods, and remediation steps.","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["1.24.4","1.24.5"],"campaigns":["Shai-Hulud"],"discovered_at":"2025-11-24"},{"ecosystem":"npm","name":"@postman/aether-icons","href":"/ti/packages/npm/@postman/aether-icons","description":"@postman/aether-icons is identified in the SafeDep analysis \"Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis\". Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions exploitation, and worm-like propagation affecting 25,000+ repositories. Includes IOCs, detection methods, and remediation steps.","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["2.23.3","2.23.4"],"campaigns":["Shai-Hulud"],"discovered_at":"2025-11-24"},{"ecosystem":"npm","name":"hyatt-residential-roster","href":"/ti/packages/npm/hyatt-residential-roster","description":"hyatt-residential-roster is identified in the SafeDep analysis \"Malicious npm Packages Impersonating Hyatt Internal Dependencies\". Three malicious npm packages disguised as Hyatt internal dependencies were discovered using install hooks to execute malicious payloads. All packages share identical attack patterns and infrastructure.","threat_types":["typosquat"],"versions":["999.999.999"],"campaigns":["Enterprise Dependency Confusion"],"discovered_at":"2025-10-23"},{"ecosystem":"npm","name":"hyatt-album","href":"/ti/packages/npm/hyatt-album","description":"hyatt-album is identified in the SafeDep analysis \"Malicious npm Packages Impersonating Hyatt Internal Dependencies\". Three malicious npm packages disguised as Hyatt internal dependencies were discovered using install hooks to execute malicious payloads. All packages share identical attack patterns and infrastructure.","threat_types":["typosquat"],"versions":["999.999.999"],"campaigns":["Enterprise Dependency Confusion"],"discovered_at":"2025-10-23"},{"ecosystem":"npm","name":"hyatt-avatar","href":"/ti/packages/npm/hyatt-avatar","description":"hyatt-avatar is identified in the SafeDep analysis \"Malicious npm Packages Impersonating Hyatt Internal Dependencies\". Three malicious npm packages disguised as Hyatt internal dependencies were discovered using install hooks to execute malicious payloads. All packages share identical attack patterns and infrastructure.","threat_types":["typosquat"],"versions":["999.999.999"],"campaigns":["Enterprise Dependency Confusion"],"discovered_at":"2025-10-23"},{"ecosystem":"npm","name":"@ctrl/tinycolor","href":"/ti/packages/npm/@ctrl/tinycolor","description":"@ctrl/tinycolor is identified in the SafeDep analysis \"npm Supply Chain Attack Exposes Private Repositories, AWS Credentials and More\". npm supply chain attacks continue. This time targeting @ctrl/tinycolor and multiple other packages with credential stealer malware. In this blog, we will analyze the attack and its impact on the npm ecosystem. We will also look at common attack patterns that are being used to target maintainers.","threat_types":["credential_stealer","data_exfiltration"],"versions":["4.1.1"],"campaigns":["Shai-Hulud"],"discovered_at":"2025-09-16"},{"ecosystem":"npm","name":"ansi-styles","href":"/ti/packages/npm/ansi-styles","description":"ansi-styles is identified in the SafeDep analysis \"npm Supply Chain Attack: Multiple Popular Packages Hijacked (1B+ Weekly Downloads)\". Complete analysis of sophisticated crypto wallet drainer found in 21 npm packages with over one billion weekly downloads. Includes detailed technical breakdown of 76KB malware payload disguised in has-ansi@6.0.1 and multi-stage attack architecture.","threat_types":["crypto_drainer"],"versions":["6.2.2"],"campaigns":["qix npm Account Compromise"],"discovered_at":"2025-09-08"},{"ecosystem":"npm","name":"debug","href":"/ti/packages/npm/debug","description":"debug is identified in the SafeDep analysis \"npm Supply Chain Attack: Multiple Popular Packages Hijacked (1B+ Weekly Downloads)\". Complete analysis of sophisticated crypto wallet drainer found in 21 npm packages with over one billion weekly downloads. Includes detailed technical breakdown of 76KB malware payload disguised in has-ansi@6.0.1 and multi-stage attack architecture.","threat_types":["crypto_drainer"],"versions":["4.4.2"],"campaigns":["qix npm Account Compromise"],"discovered_at":"2025-09-08"},{"ecosystem":"npm","name":"chalk","href":"/ti/packages/npm/chalk","description":"chalk is identified in the SafeDep analysis \"npm Supply Chain Attack: Multiple Popular Packages Hijacked (1B+ Weekly Downloads)\". Complete analysis of sophisticated crypto wallet drainer found in 21 npm packages with over one billion weekly downloads. Includes detailed technical breakdown of 76KB malware payload disguised in has-ansi@6.0.1 and multi-stage attack architecture.","threat_types":["crypto_drainer"],"versions":["5.6.1"],"campaigns":["qix npm Account Compromise"],"discovered_at":"2025-09-08"},{"ecosystem":"npm","name":"supports-color","href":"/ti/packages/npm/supports-color","description":"supports-color is identified in the SafeDep analysis \"npm Supply Chain Attack: Multiple Popular Packages Hijacked (1B+ Weekly Downloads)\". Complete analysis of sophisticated crypto wallet drainer found in 21 npm packages with over one billion weekly downloads. Includes detailed technical breakdown of 76KB malware payload disguised in has-ansi@6.0.1 and multi-stage attack architecture.","threat_types":["crypto_drainer"],"versions":["10.2.1"],"campaigns":["qix npm Account Compromise"],"discovered_at":"2025-09-08"},{"ecosystem":"npm","name":"strip-ansi","href":"/ti/packages/npm/strip-ansi","description":"strip-ansi is identified in the SafeDep analysis \"npm Supply Chain Attack: Multiple Popular Packages Hijacked (1B+ Weekly Downloads)\". Complete analysis of sophisticated crypto wallet drainer found in 21 npm packages with over one billion weekly downloads. Includes detailed technical breakdown of 76KB malware payload disguised in has-ansi@6.0.1 and multi-stage attack architecture.","threat_types":["crypto_drainer"],"versions":["7.1.1"],"campaigns":["qix npm Account Compromise"],"discovered_at":"2025-09-08"},{"ecosystem":"npm","name":"ansi-regex","href":"/ti/packages/npm/ansi-regex","description":"ansi-regex is identified in the SafeDep analysis \"npm Supply Chain Attack: Multiple Popular Packages Hijacked (1B+ Weekly Downloads)\". Complete analysis of sophisticated crypto wallet drainer found in 21 npm packages with over one billion weekly downloads. Includes detailed technical breakdown of 76KB malware payload disguised in has-ansi@6.0.1 and multi-stage attack architecture.","threat_types":["crypto_drainer"],"versions":["6.2.1"],"campaigns":["qix npm Account Compromise"],"discovered_at":"2025-09-08"},{"ecosystem":"npm","name":"wrap-ansi","href":"/ti/packages/npm/wrap-ansi","description":"wrap-ansi is identified in the SafeDep analysis \"npm Supply Chain Attack: Multiple Popular Packages Hijacked (1B+ Weekly Downloads)\". Complete analysis of sophisticated crypto wallet drainer found in 21 npm packages with over one billion weekly downloads. Includes detailed technical breakdown of 76KB malware payload disguised in has-ansi@6.0.1 and multi-stage attack architecture.","threat_types":["crypto_drainer"],"versions":["9.0.1"],"campaigns":["qix npm Account Compromise"],"discovered_at":"2025-09-08"},{"ecosystem":"npm","name":"color-convert","href":"/ti/packages/npm/color-convert","description":"color-convert is identified in the SafeDep analysis \"npm Supply Chain Attack: Multiple Popular Packages Hijacked (1B+ Weekly Downloads)\". Complete analysis of sophisticated crypto wallet drainer found in 21 npm packages with over one billion weekly downloads. Includes detailed technical breakdown of 76KB malware payload disguised in has-ansi@6.0.1 and multi-stage attack architecture.","threat_types":["crypto_drainer"],"versions":["3.1.1"],"campaigns":["qix npm Account Compromise"],"discovered_at":"2025-09-08"},{"ecosystem":"npm","name":"color-name","href":"/ti/packages/npm/color-name","description":"color-name is identified in the SafeDep analysis \"npm Supply Chain Attack: Multiple Popular Packages Hijacked (1B+ Weekly Downloads)\". Complete analysis of sophisticated crypto wallet drainer found in 21 npm packages with over one billion weekly downloads. Includes detailed technical breakdown of 76KB malware payload disguised in has-ansi@6.0.1 and multi-stage attack architecture.","threat_types":["crypto_drainer"],"versions":["2.0.1"],"campaigns":["qix npm Account Compromise"],"discovered_at":"2025-09-08"},{"ecosystem":"npm","name":"is-arrayish","href":"/ti/packages/npm/is-arrayish","description":"is-arrayish is identified in the SafeDep analysis \"npm Supply Chain Attack: Multiple Popular Packages Hijacked (1B+ Weekly Downloads)\". Complete analysis of sophisticated crypto wallet drainer found in 21 npm packages with over one billion weekly downloads. Includes detailed technical breakdown of 76KB malware payload disguised in has-ansi@6.0.1 and multi-stage attack architecture.","threat_types":["crypto_drainer"],"versions":["0.3.3"],"campaigns":["qix npm Account Compromise"],"discovered_at":"2025-09-08"},{"ecosystem":"npm","name":"slice-ansi","href":"/ti/packages/npm/slice-ansi","description":"slice-ansi is identified in the SafeDep analysis \"npm Supply Chain Attack: Multiple Popular Packages Hijacked (1B+ Weekly Downloads)\". Complete analysis of sophisticated crypto wallet drainer found in 21 npm packages with over one billion weekly downloads. Includes detailed technical breakdown of 76KB malware payload disguised in has-ansi@6.0.1 and multi-stage attack architecture.","threat_types":["crypto_drainer"],"versions":["7.1.1"],"campaigns":["qix npm Account Compromise"],"discovered_at":"2025-09-08"},{"ecosystem":"npm","name":"error-ex","href":"/ti/packages/npm/error-ex","description":"error-ex is identified in the SafeDep analysis \"npm Supply Chain Attack: Multiple Popular Packages Hijacked (1B+ Weekly Downloads)\". Complete analysis of sophisticated crypto wallet drainer found in 21 npm packages with over one billion weekly downloads. Includes detailed technical breakdown of 76KB malware payload disguised in has-ansi@6.0.1 and multi-stage attack architecture.","threat_types":["crypto_drainer"],"versions":["1.3.3"],"campaigns":["qix npm Account Compromise"],"discovered_at":"2025-09-08"},{"ecosystem":"npm","name":"color-string","href":"/ti/packages/npm/color-string","description":"color-string is identified in the SafeDep analysis \"npm Supply Chain Attack: Multiple Popular Packages Hijacked (1B+ Weekly Downloads)\". Complete analysis of sophisticated crypto wallet drainer found in 21 npm packages with over one billion weekly downloads. Includes detailed technical breakdown of 76KB malware payload disguised in has-ansi@6.0.1 and multi-stage attack architecture.","threat_types":["crypto_drainer"],"versions":["2.1.1"],"campaigns":["qix npm Account Compromise"],"discovered_at":"2025-09-08"},{"ecosystem":"npm","name":"simple-swizzle","href":"/ti/packages/npm/simple-swizzle","description":"simple-swizzle is identified in the SafeDep analysis \"npm Supply Chain Attack: Multiple Popular Packages Hijacked (1B+ Weekly Downloads)\". Complete analysis of sophisticated crypto wallet drainer found in 21 npm packages with over one billion weekly downloads. Includes detailed technical breakdown of 76KB malware payload disguised in has-ansi@6.0.1 and multi-stage attack architecture.","threat_types":["crypto_drainer"],"versions":["0.2.3"],"campaigns":["qix npm Account Compromise"],"discovered_at":"2025-09-08"},{"ecosystem":"npm","name":"supports-hyperlinks","href":"/ti/packages/npm/supports-hyperlinks","description":"supports-hyperlinks is identified in the SafeDep analysis \"npm Supply Chain Attack: Multiple Popular Packages Hijacked (1B+ Weekly Downloads)\". Complete analysis of sophisticated crypto wallet drainer found in 21 npm packages with over one billion weekly downloads. Includes detailed technical breakdown of 76KB malware payload disguised in has-ansi@6.0.1 and multi-stage attack architecture.","threat_types":["crypto_drainer"],"versions":["4.1.1"],"campaigns":["qix npm Account Compromise"],"discovered_at":"2025-09-08"},{"ecosystem":"npm","name":"has-ansi","href":"/ti/packages/npm/has-ansi","description":"has-ansi is identified in the SafeDep analysis \"npm Supply Chain Attack: Multiple Popular Packages Hijacked (1B+ Weekly Downloads)\". Complete analysis of sophisticated crypto wallet drainer found in 21 npm packages with over one billion weekly downloads. Includes detailed technical breakdown of 76KB malware payload disguised in has-ansi@6.0.1 and multi-stage attack architecture.","threat_types":["crypto_drainer"],"versions":["6.0.1"],"campaigns":["qix npm Account Compromise"],"discovered_at":"2025-09-08"},{"ecosystem":"npm","name":"chalk-template","href":"/ti/packages/npm/chalk-template","description":"chalk-template is identified in the SafeDep analysis \"npm Supply Chain Attack: Multiple Popular Packages Hijacked (1B+ Weekly Downloads)\". Complete analysis of sophisticated crypto wallet drainer found in 21 npm packages with over one billion weekly downloads. Includes detailed technical breakdown of 76KB malware payload disguised in has-ansi@6.0.1 and multi-stage attack architecture.","threat_types":["crypto_drainer"],"versions":["1.1.1"],"campaigns":["qix npm Account Compromise"],"discovered_at":"2025-09-08"},{"ecosystem":"npm","name":"backslash","href":"/ti/packages/npm/backslash","description":"backslash is identified in the SafeDep analysis \"npm Supply Chain Attack: Multiple Popular Packages Hijacked (1B+ Weekly Downloads)\". Complete analysis of sophisticated crypto wallet drainer found in 21 npm packages with over one billion weekly downloads. Includes detailed technical breakdown of 76KB malware payload disguised in has-ansi@6.0.1 and multi-stage attack architecture.","threat_types":["crypto_drainer"],"versions":["0.2.1"],"campaigns":["qix npm Account Compromise"],"discovered_at":"2025-09-08"},{"ecosystem":"npm","name":"nx","href":"/ti/packages/npm/nx","description":"nx is identified in the SafeDep analysis \"nx Build System Compromised Targeting Linux and MacOS developers\". The popular npm package `nx` was compromised, targeting Linux and macOS developers. Malicious versions included a postinstall script that stole credentials, exfiltrated sensitive files, and added destructive commands to shell configs, causing system shutdowns and data leaks.","threat_types":["credential_stealer","data_exfiltration","wiper"],"versions":["21.5.0"],"campaigns":["s1ngularity nx Build System Compromise"],"discovered_at":"2025-08-27"},{"ecosystem":"npm","name":"@nx/js","href":"/ti/packages/npm/@nx/js","description":"@nx/js is identified in the SafeDep analysis \"nx Build System Compromised Targeting Linux and MacOS developers\". The popular npm package `nx` was compromised, targeting Linux and macOS developers. Malicious versions included a postinstall script that stole credentials, exfiltrated sensitive files, and added destructive commands to shell configs, causing system shutdowns and data leaks.","threat_types":["credential_stealer","data_exfiltration","wiper"],"versions":["20.9.0"],"campaigns":["s1ngularity nx Build System Compromise"],"discovered_at":"2025-08-27"},{"ecosystem":"npm","name":"tensorflowjs","href":"/ti/packages/npm/tensorflowjs","description":"tensorflowjs is identified in the SafeDep analysis \"TensorFlow.js Typosquatting Attack: Malicious Package Targeting AI/ML Developers\". A malicious NPM package targeting TensorFlow users was discovered on npm. The package uses typosquatting to target the popular `tensorflow` package.","threat_types":["typosquat"],"versions":["1.0.0"],"campaigns":["No Specific Campaign"],"discovered_at":"2025-08-12"},{"ecosystem":"pypi","name":"bitensor","href":"/ti/packages/pypi/bitensor","description":"bitensor is identified in the SafeDep analysis \"Multiple Malicious Python Packages Targeting Bittensor Crypto Developers\". Multiple malicious Python packages targeting crypto developers and their applications using typosquatting were discovered on PyPI. The packages were used to steal funds by executing a stealthy staking operation.","threat_types":["credential_stealer","data_exfiltration","rat","persistence","crypto_drainer","typosquat"],"versions":["9.9.4","9.9.5"],"campaigns":["Bittensor Typosquat Campaign"],"discovered_at":"2025-08-12"},{"ecosystem":"pypi","name":"bittenso-cli","href":"/ti/packages/pypi/bittenso-cli","description":"bittenso-cli is identified in the SafeDep analysis \"Multiple Malicious Python Packages Targeting Bittensor Crypto Developers\". Multiple malicious Python packages targeting crypto developers and their applications using typosquatting were discovered on PyPI. The packages were used to steal funds by executing a stealthy staking operation.","threat_types":["credential_stealer","data_exfiltration","rat","persistence","crypto_drainer","typosquat"],"versions":["9.9.4"],"campaigns":["Bittensor Typosquat Campaign"],"discovered_at":"2025-08-12"},{"ecosystem":"pypi","name":"qbittensor","href":"/ti/packages/pypi/qbittensor","description":"qbittensor is identified in the SafeDep analysis \"Multiple Malicious Python Packages Targeting Bittensor Crypto Developers\". Multiple malicious Python packages targeting crypto developers and their applications using typosquatting were discovered on PyPI. The packages were used to steal funds by executing a stealthy staking operation.","threat_types":["credential_stealer","data_exfiltration","rat","persistence","crypto_drainer","typosquat"],"versions":["9.9.4"],"campaigns":["Bittensor Typosquat Campaign"],"discovered_at":"2025-08-12"},{"ecosystem":"pypi","name":"bittenso","href":"/ti/packages/pypi/bittenso","description":"bittenso is identified in the SafeDep analysis \"Multiple Malicious Python Packages Targeting Bittensor Crypto Developers\". Multiple malicious Python packages targeting crypto developers and their applications using typosquatting were discovered on PyPI. The packages were used to steal funds by executing a stealthy staking operation.","threat_types":["credential_stealer","data_exfiltration","rat","persistence","crypto_drainer","typosquat"],"versions":["9.9.5"],"campaigns":["Bittensor Typosquat Campaign"],"discovered_at":"2025-08-12"},{"ecosystem":"npm","name":"eslint-config-prettier","href":"/ti/packages/npm/eslint-config-prettier","description":"eslint-config-prettier is identified in the SafeDep analysis \"eslint-config-prettier Compromised: How npm Package with 30 Million Downloads Spread Malware\". A supply chain attack exploiting eslint-config-prettier and other popular npm packages were discovered with major supply chain impact. In this blog, we will explore the details of the hack and the impact it had on the npm ecosystem.","threat_types":["other"],"versions":["8.10.1","9.1.1","10.1.6","10.1.7"],"campaigns":["eslint-config-prettier Compromise"],"discovered_at":"2025-07-21"},{"ecosystem":"npm","name":"eslint-plugin-prettier","href":"/ti/packages/npm/eslint-plugin-prettier","description":"eslint-plugin-prettier is identified in the SafeDep analysis \"eslint-config-prettier Compromised: How npm Package with 30 Million Downloads Spread Malware\". A supply chain attack exploiting eslint-config-prettier and other popular npm packages were discovered with major supply chain impact. In this blog, we will explore the details of the hack and the impact it had on the npm ecosystem.","threat_types":["other"],"versions":["4.2.2","4.2.3"],"campaigns":["eslint-config-prettier Compromise"],"discovered_at":"2025-07-21"},{"ecosystem":"npm","name":"snyckit","href":"/ti/packages/npm/snyckit","description":"snyckit is identified in the SafeDep analysis \"eslint-config-prettier Compromised: How npm Package with 30 Million Downloads Spread Malware\". A supply chain attack exploiting eslint-config-prettier and other popular npm packages were discovered with major supply chain impact. In this blog, we will explore the details of the hack and the impact it had on the npm ecosystem.","threat_types":["other"],"versions":["0.11.9"],"campaigns":["eslint-config-prettier Compromise"],"discovered_at":"2025-07-21"},{"ecosystem":"npm","name":"@pkgr/core","href":"/ti/packages/npm/@pkgr/core","description":"@pkgr/core is identified in the SafeDep analysis \"eslint-config-prettier Compromised: How npm Package with 30 Million Downloads Spread Malware\". A supply chain attack exploiting eslint-config-prettier and other popular npm packages were discovered with major supply chain impact. In this blog, we will explore the details of the hack and the impact it had on the npm ecosystem.","threat_types":["other"],"versions":["0.2.8"],"campaigns":["eslint-config-prettier Compromise"],"discovered_at":"2025-07-21"},{"ecosystem":"npm","name":"napi-postinstall","href":"/ti/packages/npm/napi-postinstall","description":"napi-postinstall is identified in the SafeDep analysis \"eslint-config-prettier Compromised: How npm Package with 30 Million Downloads Spread Malware\". A supply chain attack exploiting eslint-config-prettier and other popular npm packages were discovered with major supply chain impact. In this blog, we will explore the details of the hack and the impact it had on the npm ecosystem.","threat_types":["other"],"versions":["0.3.1"],"campaigns":["eslint-config-prettier Compromise"],"discovered_at":"2025-07-21"},{"ecosystem":"npm","name":"express-cookie-parser","href":"/ti/packages/npm/express-cookie-parser","description":"express-cookie-parser is identified in the SafeDep analysis \"Malicious npm Package Impersonating Popular Express Cookie Parser\". A malicious npm package impersonating the popular Express cookie parser package was discovered by SafeDep Cloud malicious package scanning service.","threat_types":["typosquat"],"versions":["1.0.0"],"campaigns":["No Specific Campaign"],"discovered_at":"2025-04-23"},{"ecosystem":"npm","name":"slf4j-api-js","href":"/ti/packages/npm/slf4j-api-js","description":"slf4j-api-js is identified in the SafeDep analysis \"Malicious npm Package Impersonating Java SLF4J\". A malicious npm package impersonating the popular Java logging framework SLF4J is discovered by SafeDep Cloud malicious package scanning service.","threat_types":["typosquat"],"versions":["1.0.0"],"campaigns":["No Specific Campaign"],"discovered_at":"2025-04-21"},{"ecosystem":"npm","name":"nyc-config","href":"/ti/packages/npm/nyc-config","description":"nyc-config is identified in the SafeDep analysis \"Typosquatt alert ! Malicious npm Package: nyc-config\". Possible typosquatting against @istanbuljs/load-nyc-config with ~25M weekly downloads.","threat_types":["typosquat"],"versions":["1.0.0"],"campaigns":["No Specific Campaign"],"discovered_at":"2025-03-13"},{"ecosystem":"npm","name":"chrome-api-utils","href":"/ti/packages/npm/chrome-api-utils","description":"chrome-api-utils is identified in the SafeDep analysis \"Malicious npm Packages using Burp Collaborator for Dependency Confusion Attack\". Multiple npm packages impersonating popular package names were published to the npm registry including by a Snyk researcher apparently targeting internal packages at Cursor AI.","threat_types":["rat","persistence","dependency_confusion","typosquat"],"versions":["1.1.0"],"campaigns":["Enterprise Dependency Confusion"],"discovered_at":"2025-01-16"},{"ecosystem":"npm","name":"grafana-sentry-datasource","href":"/ti/packages/npm/grafana-sentry-datasource","description":"grafana-sentry-datasource is identified in the SafeDep analysis \"Malicious npm Packages using Burp Collaborator for Dependency Confusion Attack\". Multiple npm packages impersonating popular package names were published to the npm registry including by a Snyk researcher apparently targeting internal packages at Cursor AI.","threat_types":["rat","persistence","dependency_confusion","typosquat"],"versions":["1.0.4"],"campaigns":["Enterprise Dependency Confusion"],"discovered_at":"2025-01-16"},{"ecosystem":"npm","name":"@patternfly-v5/patternfly","href":"/ti/packages/npm/@patternfly-v5/patternfly","description":"@patternfly-v5/patternfly is identified in the SafeDep analysis \"Malicious npm Packages using Burp Collaborator for Dependency Confusion Attack\". Multiple npm packages impersonating popular package names were published to the npm registry including by a Snyk researcher apparently targeting internal packages at Cursor AI.","threat_types":["rat","persistence","dependency_confusion","typosquat"],"versions":["1.0.2"],"campaigns":["Enterprise Dependency Confusion"],"discovered_at":"2025-01-16"},{"ecosystem":"npm","name":"electron-builder-13","href":"/ti/packages/npm/electron-builder-13","description":"electron-builder-13 is identified in the SafeDep analysis \"Malicious npm Packages using Burp Collaborator for Dependency Confusion Attack\". Multiple npm packages impersonating popular package names were published to the npm registry including by a Snyk researcher apparently targeting internal packages at Cursor AI.","threat_types":["rat","persistence","dependency_confusion","typosquat"],"versions":["13.4.5"],"campaigns":["Enterprise Dependency Confusion"],"discovered_at":"2025-01-16"},{"ecosystem":"npm","name":"graphql.vscode-graphql-syntax","href":"/ti/packages/npm/graphql.vscode-graphql-syntax","description":"graphql.vscode-graphql-syntax is identified in the SafeDep analysis \"Malicious npm Packages using Burp Collaborator for Dependency Confusion Attack\". Multiple npm packages impersonating popular package names were published to the npm registry including by a Snyk researcher apparently targeting internal packages at Cursor AI.","threat_types":["rat","persistence","dependency_confusion","typosquat"],"versions":["99.99.99"],"campaigns":["Enterprise Dependency Confusion"],"discovered_at":"2025-01-16"},{"ecosystem":"npm","name":"mattermost-cloudnative-bootstrapper","href":"/ti/packages/npm/mattermost-cloudnative-bootstrapper","description":"mattermost-cloudnative-bootstrapper is identified in the SafeDep analysis \"Malicious npm Packages using Burp Collaborator for Dependency Confusion Attack\". Multiple npm packages impersonating popular package names were published to the npm registry including by a Snyk researcher apparently targeting internal packages at Cursor AI.","threat_types":["rat","persistence","dependency_confusion","typosquat"],"versions":["1.0.0"],"campaigns":["Enterprise Dependency Confusion"],"discovered_at":"2025-01-16"},{"ecosystem":"npm","name":"themes-vendor","href":"/ti/packages/npm/themes-vendor","description":"themes-vendor is identified in the SafeDep analysis \"npm - The Playground for Malicious Packages\". Multiple npm packages impersonating popular package names are being used to distribute malware. We take a closer look at the campaign.","threat_types":["typosquat"],"versions":["0.0.1","0.0.0"],"campaigns":["No Specific Campaign"],"discovered_at":"2024-12-11"},{"ecosystem":"npm","name":"x509-escaping","href":"/ti/packages/npm/x509-escaping","description":"x509-escaping is identified in the SafeDep analysis \"npm - The Playground for Malicious Packages\". Multiple npm packages impersonating popular package names are being used to distribute malware. We take a closer look at the campaign.","threat_types":["typosquat"],"versions":["0.0.1","0.0.0"],"campaigns":["No Specific Campaign"],"discovered_at":"2024-12-11"},{"ecosystem":"npm","name":"keycloak-server","href":"/ti/packages/npm/keycloak-server","description":"keycloak-server is identified in the SafeDep analysis \"npm - The Playground for Malicious Packages\". Multiple npm packages impersonating popular package names are being used to distribute malware. We take a closer look at the campaign.","threat_types":["typosquat"],"versions":["0.0.1","0.0.3"],"campaigns":["No Specific Campaign"],"discovered_at":"2024-12-11"},{"ecosystem":"npm","name":"module-stub","href":"/ti/packages/npm/module-stub","description":"module-stub is identified in the SafeDep analysis \"npm - The Playground for Malicious Packages\". Multiple npm packages impersonating popular package names are being used to distribute malware. We take a closer look at the campaign.","threat_types":["typosquat"],"versions":["0.0.1"],"campaigns":["No Specific Campaign"],"discovered_at":"2024-12-11"},{"ecosystem":"npm","name":"postject-copy","href":"/ti/packages/npm/postject-copy","description":"postject-copy is identified in the SafeDep analysis \"npm - The Playground for Malicious Packages\". Multiple npm packages impersonating popular package names are being used to distribute malware. We take a closer look at the campaign.","threat_types":["typosquat"],"versions":["0.0.0"],"campaigns":["No Specific Campaign"],"discovered_at":"2024-12-11"},{"ecosystem":"npm","name":"micrometer-docs","href":"/ti/packages/npm/micrometer-docs","description":"micrometer-docs is identified in the SafeDep analysis \"npm - The Playground for Malicious Packages\". Multiple npm packages impersonating popular package names are being used to distribute malware. We take a closer look at the campaign.","threat_types":["typosquat"],"versions":["0.0.3"],"campaigns":["No Specific Campaign"],"discovered_at":"2024-12-11"},{"ecosystem":"npm","name":"orbit-playroom","href":"/ti/packages/npm/orbit-playroom","description":"orbit-playroom is identified in the SafeDep analysis \"npm - The Playground for Malicious Packages\". Multiple npm packages impersonating popular package names are being used to distribute malware. We take a closer look at the campaign.","threat_types":["typosquat"],"versions":["0.0.0"],"campaigns":["No Specific Campaign"],"discovered_at":"2024-12-11"},{"ecosystem":"npm","name":"weekendfe","href":"/ti/packages/npm/weekendfe","description":"weekendfe is identified in the SafeDep analysis \"npm - The Playground for Malicious Packages\". Multiple npm packages impersonating popular package names are being used to distribute malware. We take a closer look at the campaign.","threat_types":["typosquat"],"versions":["0.0.1"],"campaigns":["No Specific Campaign"],"discovered_at":"2024-12-11"},{"ecosystem":"npm","name":"llm-oracle","href":"/ti/packages/npm/llm-oracle","description":"llm-oracle is identified in the SafeDep analysis \"Malicious Open Source Library Analysis: llm-oracle and its Payload\". Malware hidden in open source library packages are real. In this article, we analyse the malicious npm package llm-oracle.","threat_types":["other"],"versions":["1.0.2"],"campaigns":["No Specific Campaign"],"discovered_at":"2024-11-04"},{"ecosystem":"npm","name":"redis-oracle","href":"/ti/packages/npm/redis-oracle","description":"redis-oracle is identified in the SafeDep analysis \"Malicious Open Source Library Analysis: llm-oracle and its Payload\". Malware hidden in open source library packages are real. In this article, we analyse the malicious npm package llm-oracle.","threat_types":["other"],"versions":["0.0.0"],"campaigns":["No Specific Campaign"],"discovered_at":"2024-11-04"}]