[{"ecosystem":"crates","name":"onering","href":"/ti/packages/crates/onering","description":"Rust crate on crates.io whose v1.4.1 (malicious commit 45e552f541dd96c2ac224d1b97cb7cda1c1d63e9) ships a malicious build.rs build script (74 lines), added alongside a new 'uuid' build-dependency in Cargo.toml (uuid 1.23, default-features=false, features=[\"v4\"]) used to mint the Sentry event_id. At cargo build time the script walks up from OUT_DIR until it finds the parent of a 'target' directory, i.e. it deliberately locates the consuming Cargo workspace/project root. It captures the latest commit metadata via 'git log -n 1 --pretty=format:{...}' (commit hash, author name, author email, date, subject) and the full latest-commit source diff via 'git diff HEAD^ HEAD', then exfiltrates everything as a three-line Sentry NDJSON envelope (event_id from Uuid::new_v4, dsn carrying public key 8197ee42c4f59c83f4cc6d48f5bae821, message 'on build', platform 'rust', commit fields as tags, the patch in extra) POSTed via curl with Content-Type application/x-sentry-envelope to an abused Sentry ingest endpoint. Every step uses Ok()-guarded early returns (silent failure) so a failed exfil never breaks the host build. The victim is the dependent project: developer emails, internal commit messages, and proprietary source code from private repositories are stolen at compile time. Recommendation: yank version 1.4.1.","threat_types":["data_exfiltration"],"versions":["1.4.1"],"campaigns":[],"discovered_at":"2026-06-10"},{"ecosystem":"pypi","name":"gpt-pilot","href":"/ti/packages/pypi/gpt-pilot","description":"gpt-pilot (Pythagora-io/gpt-pilot) is a Python AI coding assistant repository compromised on June 8, 2026 in Miasma: The Spreading Blight Wave cluster 3. The attacker pushed a direct PAT commit injecting two files: core/telemetry/_hooks.py (Python stager, SHA-256: 51b4dd39a15af1e28e97adc375849d688423ec3d88e8010644395fcdea52a3cc) and core/telemetry/_runtime.bin (758 KB Bun JS payload, SHA-256: c96f37e1b9cdc9683a300909492ed9f770b620d0037e5b80e23753cba7ca4077). The legitimate core/telemetry/__init__.py was modified to spawn a daemon thread at module import time that calls run() from _hooks.py, which detects OS/arch, downloads Bun v1.3.13 if absent, and executes _runtime.bin as a detached subprocess with suppressed stdio. A lock file at core/telemetry/.loader.lock prevents double-execution. Exceptions are silently swallowed. This is the first confirmed Shai-Hulud/Miasma injection into a Python-language GitHub repository. The stager is derived directly from src/assets/PYTHON_LOADER.py in the attacker toolkit edxeth/Shai-Hulud-Open-Source (created 2026-05-13).","threat_types":["credential_stealer","data_exfiltration","persistence"],"versions":["compromised-source-2026-06-08"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-08"},{"ecosystem":"pypi","name":"pantheon-toolsets","href":"/ti/packages/pypi/pantheon-toolsets","description":"pantheon-toolsets is one of 26 PyPI packages in the (2026-06-08) PyPI arm of the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The package identity and affected versions are taken from the maintainer-supplied authoritative consolidated package list (HIGH CONFIDENCE). The PyPI delivery mechanism, payload, and entry vector have NOT yet been analyzed (OBSERVED, not characterized); inclusion in the Miasma package set is by authoritative-list membership only and does NOT confirm the same ROT-N + AES-128-GCM Bun loader / Phantom Gyp tradecraft used in the npm arms.","threat_types":["other"],"versions":["0.5.5","0.5.6"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-08"},{"ecosystem":"pypi","name":"pantheon-agents","href":"/ti/packages/pypi/pantheon-agents","description":"pantheon-agents is one of 26 PyPI packages in the (2026-06-08) PyPI arm of the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The package identity and affected versions are taken from the maintainer-supplied authoritative consolidated package list (HIGH CONFIDENCE). The PyPI delivery mechanism, payload, and entry vector have NOT yet been analyzed (OBSERVED, not characterized); inclusion in the Miasma package set is by authoritative-list membership only and does NOT confirm the same ROT-N + AES-128-GCM Bun loader / Phantom Gyp tradecraft used in the npm arms.","threat_types":["other"],"versions":["0.6.1","0.6.2"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-08"},{"ecosystem":"pypi","name":"magique","href":"/ti/packages/pypi/magique","description":"magique is one of 26 PyPI packages in the (2026-06-08) PyPI arm of the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The package identity and affected versions are taken from the maintainer-supplied authoritative consolidated package list (HIGH CONFIDENCE). The PyPI delivery mechanism, payload, and entry vector have NOT yet been analyzed (OBSERVED, not characterized); inclusion in the Miasma package set is by authoritative-list membership only and does NOT confirm the same ROT-N + AES-128-GCM Bun loader / Phantom Gyp tradecraft used in the npm arms.","threat_types":["other"],"versions":["0.6.8","0.6.9"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-08"},{"ecosystem":"pypi","name":"magique-ai","href":"/ti/packages/pypi/magique-ai","description":"magique-ai is one of 26 PyPI packages in the (2026-06-08) PyPI arm of the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The package identity and affected versions are taken from the maintainer-supplied authoritative consolidated package list (HIGH CONFIDENCE). The PyPI delivery mechanism, payload, and entry vector have NOT yet been analyzed (OBSERVED, not characterized); inclusion in the Miasma package set is by authoritative-list membership only and does NOT confirm the same ROT-N + AES-128-GCM Bun loader / Phantom Gyp tradecraft used in the npm arms.","threat_types":["other"],"versions":["0.4.4","0.4.5"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-08"},{"ecosystem":"pypi","name":"executor-engine","href":"/ti/packages/pypi/executor-engine","description":"executor-engine is one of 26 PyPI packages in the (2026-06-08) PyPI arm of the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The package identity and affected versions are taken from the maintainer-supplied authoritative consolidated package list (HIGH CONFIDENCE). The PyPI delivery mechanism, payload, and entry vector have NOT yet been analyzed (OBSERVED, not characterized); inclusion in the Miasma package set is by authoritative-list membership only and does NOT confirm the same ROT-N + AES-128-GCM Bun loader / Phantom Gyp tradecraft used in the npm arms.","threat_types":["other"],"versions":["0.3.4","0.3.5"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-08"},{"ecosystem":"pypi","name":"executor-http","href":"/ti/packages/pypi/executor-http","description":"executor-http is one of 26 PyPI packages in the (2026-06-08) PyPI arm of the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The package identity and affected versions are taken from the maintainer-supplied authoritative consolidated package list (HIGH CONFIDENCE). The PyPI delivery mechanism, payload, and entry vector have NOT yet been analyzed (OBSERVED, not characterized); inclusion in the Miasma package set is by authoritative-list membership only and does NOT confirm the same ROT-N + AES-128-GCM Bun loader / Phantom Gyp tradecraft used in the npm arms.","threat_types":["other"],"versions":["0.1.3","0.1.4"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-08"},{"ecosystem":"pypi","name":"funcdesc","href":"/ti/packages/pypi/funcdesc","description":"funcdesc is one of 26 PyPI packages in the (2026-06-08) PyPI arm of the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The package identity and affected versions are taken from the maintainer-supplied authoritative consolidated package list (HIGH CONFIDENCE). The PyPI delivery mechanism, payload, and entry vector have NOT yet been analyzed (OBSERVED, not characterized); inclusion in the Miasma package set is by authoritative-list membership only and does NOT confirm the same ROT-N + AES-128-GCM Bun loader / Phantom Gyp tradecraft used in the npm arms.","threat_types":["other"],"versions":["0.2.2","0.2.3"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-08"},{"ecosystem":"pypi","name":"cmd2func","href":"/ti/packages/pypi/cmd2func","description":"cmd2func is one of 26 PyPI packages in the (2026-06-08) PyPI arm of the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The package identity and affected versions are taken from the maintainer-supplied authoritative consolidated package list (HIGH CONFIDENCE). The PyPI delivery mechanism, payload, and entry vector have NOT yet been analyzed (OBSERVED, not characterized); inclusion in the Miasma package set is by authoritative-list membership only and does NOT confirm the same ROT-N + AES-128-GCM Bun loader / Phantom Gyp tradecraft used in the npm arms.","threat_types":["other"],"versions":["0.2.2","0.2.3"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-08"},{"ecosystem":"pypi","name":"coolbox","href":"/ti/packages/pypi/coolbox","description":"coolbox is one of 26 PyPI packages in the (2026-06-08) PyPI arm of the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The package identity and affected versions are taken from the maintainer-supplied authoritative consolidated package list (HIGH CONFIDENCE). The PyPI delivery mechanism, payload, and entry vector have NOT yet been analyzed (OBSERVED, not characterized); inclusion in the Miasma package set is by authoritative-list membership only and does NOT confirm the same ROT-N + AES-128-GCM Bun loader / Phantom Gyp tradecraft used in the npm arms.","threat_types":["other"],"versions":["0.4.1","0.4.2"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-08"},{"ecosystem":"pypi","name":"ufish","href":"/ti/packages/pypi/ufish","description":"ufish is one of 26 PyPI packages in the (2026-06-08) PyPI arm of the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The package identity and affected versions are taken from the maintainer-supplied authoritative consolidated package list (HIGH CONFIDENCE). The PyPI delivery mechanism, payload, and entry vector have NOT yet been analyzed (OBSERVED, not characterized); inclusion in the Miasma package set is by authoritative-list membership only and does NOT confirm the same ROT-N + AES-128-GCM Bun loader / Phantom Gyp tradecraft used in the npm arms.","threat_types":["other"],"versions":["0.1.2","0.1.3"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-08"},{"ecosystem":"pypi","name":"napari-ufish","href":"/ti/packages/pypi/napari-ufish","description":"napari-ufish is one of 26 PyPI packages in the (2026-06-08) PyPI arm of the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The package identity and affected versions are taken from the maintainer-supplied authoritative consolidated package list (HIGH CONFIDENCE). The PyPI delivery mechanism, payload, and entry vector have NOT yet been analyzed (OBSERVED, not characterized); inclusion in the Miasma package set is by authoritative-list membership only and does NOT confirm the same ROT-N + AES-128-GCM Bun loader / Phantom Gyp tradecraft used in the npm arms.","threat_types":["other"],"versions":["0.0.2","0.0.3"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-08"},{"ecosystem":"pypi","name":"nucbox","href":"/ti/packages/pypi/nucbox","description":"nucbox is one of 26 PyPI packages in the (2026-06-08) PyPI arm of the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The package identity and affected versions are taken from the maintainer-supplied authoritative consolidated package list (HIGH CONFIDENCE). The PyPI delivery mechanism, payload, and entry vector have NOT yet been analyzed (OBSERVED, not characterized); inclusion in the Miasma package set is by authoritative-list membership only and does NOT confirm the same ROT-N + AES-128-GCM Bun loader / Phantom Gyp tradecraft used in the npm arms.","threat_types":["other"],"versions":["0.1.2","0.1.3"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-08"},{"ecosystem":"pypi","name":"okite","href":"/ti/packages/pypi/okite","description":"okite is one of 26 PyPI packages in the (2026-06-08) PyPI arm of the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The package identity and affected versions are taken from the maintainer-supplied authoritative consolidated package list (HIGH CONFIDENCE). The PyPI delivery mechanism, payload, and entry vector have NOT yet been analyzed (OBSERVED, not characterized); inclusion in the Miasma package set is by authoritative-list membership only and does NOT confirm the same ROT-N + AES-128-GCM Bun loader / Phantom Gyp tradecraft used in the npm arms.","threat_types":["other"],"versions":["0.0.7","0.0.8"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-08"},{"ecosystem":"pypi","name":"bramin","href":"/ti/packages/pypi/bramin","description":"bramin is one of 26 PyPI packages in the (2026-06-08) PyPI arm of the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The package identity and affected versions are taken from the maintainer-supplied authoritative consolidated package list (HIGH CONFIDENCE). The PyPI delivery mechanism, payload, and entry vector have NOT yet been analyzed (OBSERVED, not characterized); inclusion in the Miasma package set is by authoritative-list membership only and does NOT confirm the same ROT-N + AES-128-GCM Bun loader / Phantom Gyp tradecraft used in the npm arms.","threat_types":["other"],"versions":["0.0.2","0.0.3","0.0.4"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-08"},{"ecosystem":"pypi","name":"synago","href":"/ti/packages/pypi/synago","description":"synago is one of 26 PyPI packages in the (2026-06-08) PyPI arm of the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The package identity and affected versions are taken from the maintainer-supplied authoritative consolidated package list (HIGH CONFIDENCE). The PyPI delivery mechanism, payload, and entry vector have NOT yet been analyzed (OBSERVED, not characterized); inclusion in the Miasma package set is by authoritative-list membership only and does NOT confirm the same ROT-N + AES-128-GCM Bun loader / Phantom Gyp tradecraft used in the npm arms.","threat_types":["other"],"versions":["0.1.1","0.1.2"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-08"},{"ecosystem":"pypi","name":"mrbios","href":"/ti/packages/pypi/mrbios","description":"mrbios is one of 26 PyPI packages in the (2026-06-08) PyPI arm of the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The package identity and affected versions are taken from the maintainer-supplied authoritative consolidated package list (HIGH CONFIDENCE). The PyPI delivery mechanism, payload, and entry vector have NOT yet been analyzed (OBSERVED, not characterized); inclusion in the Miasma package set is by authoritative-list membership only and does NOT confirm the same ROT-N + AES-128-GCM Bun loader / Phantom Gyp tradecraft used in the npm arms.","threat_types":["other"],"versions":["0.1.1","0.1.2"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-08"},{"ecosystem":"pypi","name":"uprobe","href":"/ti/packages/pypi/uprobe","description":"uprobe is one of 26 PyPI packages in the (2026-06-08) PyPI arm of the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The package identity and affected versions are taken from the maintainer-supplied authoritative consolidated package list (HIGH CONFIDENCE). The PyPI delivery mechanism, payload, and entry vector have NOT yet been analyzed (OBSERVED, not characterized); inclusion in the Miasma package set is by authoritative-list membership only and does NOT confirm the same ROT-N + AES-128-GCM Bun loader / Phantom Gyp tradecraft used in the npm arms.","threat_types":["other"],"versions":["0.1.3","0.1.4"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-08"},{"ecosystem":"pypi","name":"spateo-release","href":"/ti/packages/pypi/spateo-release","description":"spateo-release is one of 26 PyPI packages in the (2026-06-08) PyPI arm of the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The package identity and affected versions are taken from the maintainer-supplied authoritative consolidated package list (HIGH CONFIDENCE). The PyPI delivery mechanism, payload, and entry vector have NOT yet been analyzed (OBSERVED, not characterized); inclusion in the Miasma package set is by authoritative-list membership only and does NOT confirm the same ROT-N + AES-128-GCM Bun loader / Phantom Gyp tradecraft used in the npm arms.","threat_types":["other"],"versions":["1.1.2"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-08"},{"ecosystem":"pypi","name":"dynamo-release","href":"/ti/packages/pypi/dynamo-release","description":"dynamo-release is one of 26 PyPI packages in the (2026-06-08) PyPI arm of the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The package identity and affected versions are taken from the maintainer-supplied authoritative consolidated package list (HIGH CONFIDENCE). The PyPI delivery mechanism, payload, and entry vector have NOT yet been analyzed (OBSERVED, not characterized); inclusion in the Miasma package set is by authoritative-list membership only and does NOT confirm the same ROT-N + AES-128-GCM Bun loader / Phantom Gyp tradecraft used in the npm arms.","threat_types":["other"],"versions":["1.5.4"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-08"},{"ecosystem":"pypi","name":"ppkt2synergy","href":"/ti/packages/pypi/ppkt2synergy","description":"ppkt2synergy is one of 26 PyPI packages in the (2026-06-08) PyPI arm of the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The package identity and affected versions are taken from the maintainer-supplied authoritative consolidated package list (HIGH CONFIDENCE). The PyPI delivery mechanism, payload, and entry vector have NOT yet been analyzed (OBSERVED, not characterized); inclusion in the Miasma package set is by authoritative-list membership only and does NOT confirm the same ROT-N + AES-128-GCM Bun loader / Phantom Gyp tradecraft used in the npm arms.","threat_types":["other"],"versions":["0.1.1"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-08"},{"ecosystem":"pypi","name":"mflux-streamlit","href":"/ti/packages/pypi/mflux-streamlit","description":"mflux-streamlit is one of 26 PyPI packages in the (2026-06-08) PyPI arm of the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The package identity and affected versions are taken from the maintainer-supplied authoritative consolidated package list (HIGH CONFIDENCE). The PyPI delivery mechanism, payload, and entry vector have NOT yet been analyzed (OBSERVED, not characterized); inclusion in the Miasma package set is by authoritative-list membership only and does NOT confirm the same ROT-N + AES-128-GCM Bun loader / Phantom Gyp tradecraft used in the npm arms.","threat_types":["other"],"versions":["0.0.3","0.0.4"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-08"},{"ecosystem":"pypi","name":"nhmpy","href":"/ti/packages/pypi/nhmpy","description":"nhmpy is one of 26 PyPI packages in the (2026-06-08) PyPI arm of the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The package identity and affected versions are taken from the maintainer-supplied authoritative consolidated package list (HIGH CONFIDENCE). The PyPI delivery mechanism, payload, and entry vector have NOT yet been analyzed (OBSERVED, not characterized); inclusion in the Miasma package set is by authoritative-list membership only and does NOT confirm the same ROT-N + AES-128-GCM Bun loader / Phantom Gyp tradecraft used in the npm arms.","threat_types":["other"],"versions":["2.4.7"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-08"},{"ecosystem":"pypi","name":"embiggen","href":"/ti/packages/pypi/embiggen","description":"embiggen is one of 26 PyPI packages in the (2026-06-08) PyPI arm of the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The package identity and affected versions are taken from the maintainer-supplied authoritative consolidated package list (HIGH CONFIDENCE). The PyPI delivery mechanism, payload, and entry vector have NOT yet been analyzed (OBSERVED, not characterized); inclusion in the Miasma package set is by authoritative-list membership only and does NOT confirm the same ROT-N + AES-128-GCM Bun loader / Phantom Gyp tradecraft used in the npm arms.","threat_types":["other"],"versions":["0.11.97"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-08"},{"ecosystem":"pypi","name":"gpsea","href":"/ti/packages/pypi/gpsea","description":"gpsea is one of 26 PyPI packages in the (2026-06-08) PyPI arm of the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The package identity and affected versions are taken from the maintainer-supplied authoritative consolidated package list (HIGH CONFIDENCE). The PyPI delivery mechanism, payload, and entry vector have NOT yet been analyzed (OBSERVED, not characterized); inclusion in the Miasma package set is by authoritative-list membership only and does NOT confirm the same ROT-N + AES-128-GCM Bun loader / Phantom Gyp tradecraft used in the npm arms.","threat_types":["other"],"versions":["0.9.14"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-08"},{"ecosystem":"pypi","name":"pyphetools","href":"/ti/packages/pypi/pyphetools","description":"pyphetools is one of 26 PyPI packages in the (2026-06-08) PyPI arm of the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The package identity and affected versions are taken from the maintainer-supplied authoritative consolidated package list (HIGH CONFIDENCE). The PyPI delivery mechanism, payload, and entry vector have NOT yet been analyzed (OBSERVED, not characterized); inclusion in the Miasma package set is by authoritative-list membership only and does NOT confirm the same ROT-N + AES-128-GCM Bun loader / Phantom Gyp tradecraft used in the npm arms.","threat_types":["other"],"versions":["0.9.120"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-08"},{"ecosystem":"pypi","name":"ensmallen","href":"/ti/packages/pypi/ensmallen","description":"ensmallen is one of 26 PyPI packages in the (2026-06-08) PyPI arm of the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The package identity and affected versions are taken from the maintainer-supplied authoritative consolidated package list (HIGH CONFIDENCE). The PyPI delivery mechanism, payload, and entry vector have NOT yet been analyzed (OBSERVED, not characterized); inclusion in the Miasma package set is by authoritative-list membership only and does NOT confirm the same ROT-N + AES-128-GCM Bun loader / Phantom Gyp tradecraft used in the npm arms.","threat_types":["other"],"versions":["0.8.101"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-08"},{"ecosystem":"npm","name":"weavedb-sdk","href":"/ti/packages/npm/weavedb-sdk","description":"Flagship WeaveDB SDK package trojanized in the IronWorm campaign and published from the compromised `asteroiddao` npm account. Carries a `preinstall: ./tools/setup` hook that executes a ~976 KB UPX-packed Rust ELF infostealer with an eBPF rootkit component.","threat_types":["credential_stealer","worm","crypto_drainer","data_exfiltration","persistence","c2_agent"],"versions":["0.45.3"],"campaigns":["IronWorm"],"discovered_at":"2026-06-03"},{"ecosystem":"npm","name":"weavedb-lite","href":"/ti/packages/npm/weavedb-lite","description":"IronWorm trojanized npm package published from compromised `asteroiddao` account.","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.1.1"],"campaigns":["IronWorm"],"discovered_at":"2026-06-03"},{"ecosystem":"npm","name":"weavedb-sdk-base","href":"/ti/packages/npm/weavedb-sdk-base","description":"IronWorm trojanized npm package published from compromised `asteroiddao` account.","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.21.1"],"campaigns":["IronWorm"],"discovered_at":"2026-06-03"},{"ecosystem":"npm","name":"test-weavedb-sdk","href":"/ti/packages/npm/test-weavedb-sdk","description":"IronWorm trojanized npm package published from compromised `asteroiddao` account.","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["1.1.1"],"campaigns":["IronWorm"],"discovered_at":"2026-06-03"},{"ecosystem":"npm","name":"weavedb-warp-contracts-plugin-deploy","href":"/ti/packages/npm/weavedb-warp-contracts-plugin-deploy","description":"IronWorm trojanized npm package published from compromised `asteroiddao` account.","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["1.0.11"],"campaigns":["IronWorm"],"discovered_at":"2026-06-03"},{"ecosystem":"npm","name":"arnext-arkb","href":"/ti/packages/npm/arnext-arkb","description":"IronWorm trojanized npm package published from compromised `asteroiddao` account.","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.0.2"],"campaigns":["IronWorm"],"discovered_at":"2026-06-03"},{"ecosystem":"npm","name":"weavedb-console","href":"/ti/packages/npm/weavedb-console","description":"IronWorm trojanized npm package published from compromised `asteroiddao` account.","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.2.1"],"campaigns":["IronWorm"],"discovered_at":"2026-06-03"},{"ecosystem":"npm","name":"arnext","href":"/ti/packages/npm/arnext","description":"IronWorm trojanized npm package published from compromised `asteroiddao` account.","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.1.5"],"campaigns":["IronWorm"],"discovered_at":"2026-06-03"},{"ecosystem":"npm","name":"roidjs","href":"/ti/packages/npm/roidjs","description":"IronWorm trojanized npm package published from compromised `asteroiddao` account.","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.1.7"],"campaigns":["IronWorm"],"discovered_at":"2026-06-03"},{"ecosystem":"npm","name":"weavedb-exm-sdk","href":"/ti/packages/npm/weavedb-exm-sdk","description":"IronWorm trojanized npm package published from compromised `asteroiddao` account.","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.7.4"],"campaigns":["IronWorm"],"discovered_at":"2026-06-03"},{"ecosystem":"npm","name":"create-arnext-app","href":"/ti/packages/npm/create-arnext-app","description":"IronWorm trojanized npm package published from compromised `asteroiddao` account.","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.0.10"],"campaigns":["IronWorm"],"discovered_at":"2026-06-03"},{"ecosystem":"npm","name":"weavedb-tools","href":"/ti/packages/npm/weavedb-tools","description":"IronWorm trojanized npm package published from compromised `asteroiddao` account.","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.45.3"],"campaigns":["IronWorm"],"discovered_at":"2026-06-03"},{"ecosystem":"npm","name":"wdb-core","href":"/ti/packages/npm/wdb-core","description":"IronWorm trojanized npm package published from compromised `asteroiddao` account.","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.1.2"],"campaigns":["IronWorm"],"discovered_at":"2026-06-03"},{"ecosystem":"npm","name":"cwao-tools","href":"/ti/packages/npm/cwao-tools","description":"IronWorm trojanized npm package published from compromised `asteroiddao` account.","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.3.1"],"campaigns":["IronWorm"],"discovered_at":"2026-06-03"},{"ecosystem":"npm","name":"test-ajs","href":"/ti/packages/npm/test-ajs","description":"IronWorm trojanized npm package published from compromised `asteroiddao` account.","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.1.19"],"campaigns":["IronWorm"],"discovered_at":"2026-06-03"},{"ecosystem":"npm","name":"monade","href":"/ti/packages/npm/monade","description":"IronWorm trojanized npm package published from compromised `asteroiddao` account.","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.0.7"],"campaigns":["IronWorm"],"discovered_at":"2026-06-03"},{"ecosystem":"npm","name":"weavedb-exm-sdk-web","href":"/ti/packages/npm/weavedb-exm-sdk-web","description":"IronWorm trojanized npm package published from compromised `asteroiddao` account.","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.7.4"],"campaigns":["IronWorm"],"discovered_at":"2026-06-03"},{"ecosystem":"npm","name":"testnpmnmp","href":"/ti/packages/npm/testnpmnmp","description":"IronWorm trojanized npm package published from compromised `asteroiddao` account.","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["1.0.21"],"campaigns":["IronWorm"],"discovered_at":"2026-06-03"},{"ecosystem":"npm","name":"warp-contracts-plugin-deploy-test","href":"/ti/packages/npm/warp-contracts-plugin-deploy-test","description":"IronWorm trojanized npm package published from compromised `asteroiddao` account.","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["3.0.1"],"campaigns":["IronWorm"],"discovered_at":"2026-06-03"},{"ecosystem":"npm","name":"wdb-cli","href":"/ti/packages/npm/wdb-cli","description":"IronWorm trojanized npm package published from compromised `asteroiddao` account.","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.1.1"],"campaigns":["IronWorm"],"discovered_at":"2026-06-03"},{"ecosystem":"npm","name":"ai3","href":"/ti/packages/npm/ai3","description":"IronWorm trojanized npm package published from compromised `asteroiddao` account.","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.3.5"],"campaigns":["IronWorm"],"discovered_at":"2026-06-03"},{"ecosystem":"npm","name":"cwao-units","href":"/ti/packages/npm/cwao-units","description":"IronWorm trojanized npm package published from compromised `asteroiddao` account.","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.8.3"],"campaigns":["IronWorm"],"discovered_at":"2026-06-03"},{"ecosystem":"npm","name":"atomic-notes","href":"/ti/packages/npm/atomic-notes","description":"IronWorm trojanized npm package published from compromised `asteroiddao` account.","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.5.3"],"campaigns":["IronWorm"],"discovered_at":"2026-06-03"},{"ecosystem":"npm","name":"cwao","href":"/ti/packages/npm/cwao","description":"IronWorm trojanized npm package published from compromised `asteroiddao` account.","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.5.6"],"campaigns":["IronWorm"],"discovered_at":"2026-06-03"},{"ecosystem":"npm","name":"weavedb-client","href":"/ti/packages/npm/weavedb-client","description":"IronWorm trojanized npm package published from compromised `asteroiddao` account.","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.45.3"],"campaigns":["IronWorm"],"discovered_at":"2026-06-03"},{"ecosystem":"npm","name":"wdb-sdk","href":"/ti/packages/npm/wdb-sdk","description":"IronWorm trojanized npm package published from compromised `asteroiddao` account.","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.1.2"],"campaigns":["IronWorm"],"discovered_at":"2026-06-03"},{"ecosystem":"npm","name":"weavedb-offchain","href":"/ti/packages/npm/weavedb-offchain","description":"IronWorm trojanized npm package published from compromised `asteroiddao` account.","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.45.4"],"campaigns":["IronWorm"],"discovered_at":"2026-06-03"},{"ecosystem":"npm","name":"fpjson-lang","href":"/ti/packages/npm/fpjson-lang","description":"IronWorm trojanized npm package published from compromised `asteroiddao` account.","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.1.7"],"campaigns":["IronWorm"],"discovered_at":"2026-06-03"},{"ecosystem":"npm","name":"weavedb-contracts","href":"/ti/packages/npm/weavedb-contracts","description":"IronWorm trojanized npm package published from compromised `asteroiddao` account.","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.45.2"],"campaigns":["IronWorm"],"discovered_at":"2026-06-03"},{"ecosystem":"npm","name":"weavedb-node-client","href":"/ti/packages/npm/weavedb-node-client","description":"IronWorm trojanized npm package published from compromised `asteroiddao` account.","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.45.3"],"campaigns":["IronWorm"],"discovered_at":"2026-06-03"},{"ecosystem":"npm","name":"arjson","href":"/ti/packages/npm/arjson","description":"IronWorm trojanized npm package published from compromised `asteroiddao` account.","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.1.4"],"campaigns":["IronWorm"],"discovered_at":"2026-06-03"},{"ecosystem":"npm","name":"hbsig","href":"/ti/packages/npm/hbsig","description":"IronWorm trojanized npm package published from compromised `asteroiddao` account.","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.3.2"],"campaigns":["IronWorm"],"discovered_at":"2026-06-03"},{"ecosystem":"npm","name":"zkjson","href":"/ti/packages/npm/zkjson","description":"IronWorm trojanized npm package published from compromised `asteroiddao` account.","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.8.5"],"campaigns":["IronWorm"],"discovered_at":"2026-06-03"},{"ecosystem":"npm","name":"aonote","href":"/ti/packages/npm/aonote","description":"IronWorm trojanized npm package published from compromised `asteroiddao` account.","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.11.1"],"campaigns":["IronWorm"],"discovered_at":"2026-06-03"},{"ecosystem":"npm","name":"weavedb-base","href":"/ti/packages/npm/weavedb-base","description":"IronWorm trojanized npm package published from compromised `asteroiddao` account.","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.45.3"],"campaigns":["IronWorm"],"discovered_at":"2026-06-03"},{"ecosystem":"npm","name":"weavedb-sdk-node","href":"/ti/packages/npm/weavedb-sdk-node","description":"IronWorm trojanized npm package published from compromised `asteroiddao` account.","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.45.3"],"campaigns":["IronWorm"],"discovered_at":"2026-06-03"},{"ecosystem":"npm","name":"wao","href":"/ti/packages/npm/wao","description":"IronWorm trojanized npm package published from compromised `asteroiddao` account.","threat_types":["credential_stealer","worm","data_exfiltration"],"versions":["0.41.2"],"campaigns":["IronWorm"],"discovered_at":"2026-06-03"},{"ecosystem":"npm","name":"faster-axios","href":"/ti/packages/npm/faster-axios","description":"Wave 2 of the Epsilon Axios Typosquat Campaign. Typosquat of axios (full copy of real axios source, 78 files) with attacker-added lib/core/eval.js triggered by postinstall hook. Stage 1 fetches remote JS via eval(). Chain delivers an ~86MB NSIS-padded PE32 (hello.exe) containing an electron-builder Electron app. The payload is Epsilon Stealer (MaaS), a 3,360-line JS infostealer (package.json name: 'winhost', version 1.0.1, author: 'OracleCorporation' decoy, epsilon_key: SK-754644F96BBA9652C8A2A08042ABAF58827D). Capabilities: browser credential theft (Chrome/Brave/Edge/Vivaldi/Opera/Yandex/Firefox via DPAPI+koffi FFI), 30+ crypto wallet theft with BIP-39 seed extraction, Discord token theft, Telegram session theft, GitHub backup code theft, sensitive file keyword scanning (EN+FR), persistence via svchost.exe copy + Run key, process injection (XOR-decoded shellcode into suspended dllhost.exe via koffi FFI into kernel32.dll), WebSocket RAT with cmd.exe/powershell execution, and sandbox detection via IP/hostname blacklists. Uses 5 Cloudflare quick-tunnels for delivery, exfil API, secondary download, WebSocket RAT gateway, and shellcode download. Published by throwaway npm account speedsteraxios after turbo-axios was taken down.","threat_types":["typosquat","credential_stealer","rat","c2_agent","data_exfiltration","persistence"],"versions":["1.17.3","1.17.4"],"campaigns":["Epsilon Axios Typosquat Campaign"],"discovered_at":"2026-06-01"},{"ecosystem":"npm","name":"turbo-axios","href":"/ti/packages/npm/turbo-axios","description":"Wave 1 of the Epsilon Axios Typosquat Campaign. Precursor axios typosquat published 2026-05-23, taken down by npm security hold 2026-05-28 (5 days). Same operator as faster-axios: shared infrastructure (consequences-faces-weblogs-clinical.trycloudflare.com used as stage-2 C2 for turbo-axios v1.17.2 and as DOWNLOAD_URL in faster-axios Epsilon Stealer source), identical version numbering (1.17.x), same postinstall hook (node ./lib/core/eval.js), same sendAnalytics() function name, same /download/datab1 URL path pattern. v1.17.2 used consequences-faces-weblogs-clinical.trycloudflare.com/download/datab1 as stage-2 endpoint. v1.17.3 rotated to philosophy-moms-incoming-milton.trycloudflare.com/download/datab1. OSV: MAL-2026-4695.","threat_types":["typosquat","credential_stealer","c2_agent"],"versions":["1.17.2","1.17.3"],"campaigns":["Epsilon Axios Typosquat Campaign"],"discovered_at":"2026-06-01"},{"ecosystem":"npm","name":"@emcd-vue/auth","href":"/ti/packages/npm/@emcd-vue/auth","description":"Wave 3 dropper published by emcd-vue on 2026-06-01. Version 6.4.8 (137.5 KB, entropy 5.04) is the original WaCk/JScrambler-obfuscated dropper. Version 6.4.9 (13.3 KB) is a lighter re-publish 22 minutes later with the same logic, used for static analysis recovery. Both carry the same X-Secret (l95HdDaz3kQx1Zsg3WxH6HvKANf51RY1) and report to oob.moika.tech. Payload written to ~/.emcd-vue_init.js; FUSION_ env-var protocol passed to second stage.","threat_types":["dependency_confusion","credential_stealer","data_exfiltration","c2_agent","persistence"],"versions":["6.4.8","6.4.9"],"campaigns":["oob-moika-tech-depconf-2026"],"discovered_at":"2026-06-01"},{"ecosystem":"npm","name":"@emcd-vue/loans","href":"/ti/packages/npm/@emcd-vue/loans","description":"Wave 3 dependency confusion package published by emcd-vue on 2026-06-01T07:05:43Z, 91 seconds after @emcd-vue/auth@6.4.8. Identical infrastructure: same C2 endpoints (oob.moika.tech/payload, oob.moika.tech/report), same X-Secret, same payload filename (~/.emcd-vue_init.js), same User-Agent (emcd-vue-telemetry/1.0). Targets the @emcd-vue scope, impersonating EMCD's internal loan/lending modules.","threat_types":["dependency_confusion","credential_stealer","data_exfiltration","c2_agent","persistence"],"versions":["7.1.7"],"campaigns":["oob-moika-tech-depconf-2026"],"discovered_at":"2026-06-01"},{"ecosystem":"npm","name":"@emcd-vue/b2b-pay-form","href":"/ti/packages/npm/@emcd-vue/b2b-pay-form","description":"Wave 3 dependency confusion package published by emcd-vue on 2026-06-01. Version not fully documented. Confirmed same npm account and scope; full version string not recovered in analysis. Operator stated 4 packages total across the wave; this is the fourth confirmed name.","threat_types":["dependency_confusion","credential_stealer","data_exfiltration","c2_agent"],"versions":["unknown"],"campaigns":["oob-moika-tech-depconf-2026"],"discovered_at":"2026-06-01"},{"ecosystem":"npm","name":"@redhat-cloud-services/compliance-client","href":"/ti/packages/npm/@redhat-cloud-services/compliance-client","description":"@redhat-cloud-services/compliance-client is one of 32 @redhat-cloud-services scope packages compromised on June 1, 2026 in the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The attacker abused npm GitHub Actions trusted publishing by pushing short-lived oidc-<hex> branches that rewrote the trusted CI workflow into a self-publishing job, exchanged the OIDC token for npm publish tokens, repackaged the legitimate tarball with a malicious preinstall hook, and republished with valid SLSA provenance. Published in two waves ~3h apart; wave 1 (4.0.3) was later unpublished, wave 2 (4.0.4) is the live latest.","threat_types":["worm","credential_stealer","data_exfiltration","persistence"],"versions":["4.0.3","4.0.4"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-01"},{"ecosystem":"npm","name":"@redhat-cloud-services/config-manager-client","href":"/ti/packages/npm/@redhat-cloud-services/config-manager-client","description":"@redhat-cloud-services/config-manager-client is one of 32 @redhat-cloud-services scope packages compromised on June 1, 2026 in the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The attacker abused npm GitHub Actions trusted publishing by pushing short-lived oidc-<hex> branches that rewrote the trusted CI workflow into a self-publishing job, exchanged the OIDC token for npm publish tokens, repackaged the legitimate tarball with a malicious preinstall hook, and republished with valid SLSA provenance. Published in two waves ~3h apart; wave 1 (5.0.4) was later unpublished, wave 2 (5.0.5) is the live latest.","threat_types":["worm","credential_stealer","data_exfiltration","persistence"],"versions":["5.0.4","5.0.5"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-01"},{"ecosystem":"npm","name":"@redhat-cloud-services/entitlements-client","href":"/ti/packages/npm/@redhat-cloud-services/entitlements-client","description":"@redhat-cloud-services/entitlements-client is one of 32 @redhat-cloud-services scope packages compromised on June 1, 2026 in the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The attacker abused npm GitHub Actions trusted publishing by pushing short-lived oidc-<hex> branches that rewrote the trusted CI workflow into a self-publishing job, exchanged the OIDC token for npm publish tokens, repackaged the legitimate tarball with a malicious preinstall hook, and republished with valid SLSA provenance. Published in two waves ~3h apart; wave 1 (4.0.11) was later unpublished, wave 2 (4.0.12) is the live latest.","threat_types":["worm","credential_stealer","data_exfiltration","persistence"],"versions":["4.0.11","4.0.12"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-01"},{"ecosystem":"npm","name":"@redhat-cloud-services/host-inventory-client","href":"/ti/packages/npm/@redhat-cloud-services/host-inventory-client","description":"@redhat-cloud-services/host-inventory-client is one of 32 @redhat-cloud-services scope packages compromised on June 1, 2026 in the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The attacker abused npm GitHub Actions trusted publishing by pushing short-lived oidc-<hex> branches that rewrote the trusted CI workflow into a self-publishing job, exchanged the OIDC token for npm publish tokens, repackaged the legitimate tarball with a malicious preinstall hook, and republished with valid SLSA provenance. Published in two waves ~3h apart; wave 1 (5.0.3) was later unpublished, wave 2 (5.0.4) is the live latest.","threat_types":["worm","credential_stealer","data_exfiltration","persistence"],"versions":["5.0.3","5.0.4"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-01"},{"ecosystem":"npm","name":"@redhat-cloud-services/insights-client","href":"/ti/packages/npm/@redhat-cloud-services/insights-client","description":"@redhat-cloud-services/insights-client is one of 32 @redhat-cloud-services scope packages compromised on June 1, 2026 in the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The attacker abused npm GitHub Actions trusted publishing by pushing short-lived oidc-<hex> branches that rewrote the trusted CI workflow into a self-publishing job, exchanged the OIDC token for npm publish tokens, repackaged the legitimate tarball with a malicious preinstall hook, and republished with valid SLSA provenance. Published in two waves ~3h apart; wave 1 (4.0.4) was later unpublished, wave 2 (4.0.5) is the live latest.","threat_types":["worm","credential_stealer","data_exfiltration","persistence"],"versions":["4.0.4","4.0.5"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-01"},{"ecosystem":"npm","name":"@redhat-cloud-services/integrations-client","href":"/ti/packages/npm/@redhat-cloud-services/integrations-client","description":"@redhat-cloud-services/integrations-client is one of 32 @redhat-cloud-services scope packages compromised on June 1, 2026 in the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The attacker abused npm GitHub Actions trusted publishing by pushing short-lived oidc-<hex> branches that rewrote the trusted CI workflow into a self-publishing job, exchanged the OIDC token for npm publish tokens, repackaged the legitimate tarball with a malicious preinstall hook, and republished with valid SLSA provenance. Published in two waves ~3h apart; wave 1 (6.0.4) was later unpublished, wave 2 (6.0.5) is the live latest.","threat_types":["worm","credential_stealer","data_exfiltration","persistence"],"versions":["6.0.4","6.0.5"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-01"},{"ecosystem":"npm","name":"@redhat-cloud-services/notifications-client","href":"/ti/packages/npm/@redhat-cloud-services/notifications-client","description":"@redhat-cloud-services/notifications-client is one of 32 @redhat-cloud-services scope packages compromised on June 1, 2026 in the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The attacker abused npm GitHub Actions trusted publishing by pushing short-lived oidc-<hex> branches that rewrote the trusted CI workflow into a self-publishing job, exchanged the OIDC token for npm publish tokens, repackaged the legitimate tarball with a malicious preinstall hook, and republished with valid SLSA provenance. Published in two waves ~3h apart; wave 1 (6.1.4) was later unpublished, wave 2 (6.1.5) is the live latest.","threat_types":["worm","credential_stealer","data_exfiltration","persistence"],"versions":["6.1.4","6.1.5"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-01"},{"ecosystem":"npm","name":"@redhat-cloud-services/patch-client","href":"/ti/packages/npm/@redhat-cloud-services/patch-client","description":"@redhat-cloud-services/patch-client is one of 32 @redhat-cloud-services scope packages compromised on June 1, 2026 in the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The attacker abused npm GitHub Actions trusted publishing by pushing short-lived oidc-<hex> branches that rewrote the trusted CI workflow into a self-publishing job, exchanged the OIDC token for npm publish tokens, repackaged the legitimate tarball with a malicious preinstall hook, and republished with valid SLSA provenance. Published in two waves ~3h apart; wave 1 (4.0.4) was later unpublished, wave 2 (4.0.5) is the live latest.","threat_types":["worm","credential_stealer","data_exfiltration","persistence"],"versions":["4.0.4","4.0.5"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-01"},{"ecosystem":"npm","name":"@redhat-cloud-services/quickstarts-client","href":"/ti/packages/npm/@redhat-cloud-services/quickstarts-client","description":"@redhat-cloud-services/quickstarts-client is one of 32 @redhat-cloud-services scope packages compromised on June 1, 2026 in the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The attacker abused npm GitHub Actions trusted publishing by pushing short-lived oidc-<hex> branches that rewrote the trusted CI workflow into a self-publishing job, exchanged the OIDC token for npm publish tokens, repackaged the legitimate tarball with a malicious preinstall hook, and republished with valid SLSA provenance. Published in two waves ~3h apart; wave 1 (4.0.11) was later unpublished, wave 2 (4.0.12) is the live latest.","threat_types":["worm","credential_stealer","data_exfiltration","persistence"],"versions":["4.0.11","4.0.12"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-01"},{"ecosystem":"npm","name":"@redhat-cloud-services/rbac-client","href":"/ti/packages/npm/@redhat-cloud-services/rbac-client","description":"@redhat-cloud-services/rbac-client is one of 32 @redhat-cloud-services scope packages compromised on June 1, 2026 in the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The attacker abused npm GitHub Actions trusted publishing by pushing short-lived oidc-<hex> branches that rewrote the trusted CI workflow into a self-publishing job, exchanged the OIDC token for npm publish tokens, repackaged the legitimate tarball with a malicious preinstall hook, and republished with valid SLSA provenance. Published in two waves ~3h apart; wave 1 (9.0.3) was later unpublished, wave 2 (9.0.4) is the live latest.","threat_types":["worm","credential_stealer","data_exfiltration","persistence"],"versions":["9.0.3","9.0.4"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-01"},{"ecosystem":"npm","name":"@redhat-cloud-services/remediations-client","href":"/ti/packages/npm/@redhat-cloud-services/remediations-client","description":"@redhat-cloud-services/remediations-client is one of 32 @redhat-cloud-services scope packages compromised on June 1, 2026 in the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The attacker abused npm GitHub Actions trusted publishing by pushing short-lived oidc-<hex> branches that rewrote the trusted CI workflow into a self-publishing job, exchanged the OIDC token for npm publish tokens, repackaged the legitimate tarball with a malicious preinstall hook, and republished with valid SLSA provenance. Published in two waves ~3h apart; wave 1 (4.0.4) was later unpublished, wave 2 (4.0.5) is the live latest.","threat_types":["worm","credential_stealer","data_exfiltration","persistence"],"versions":["4.0.4","4.0.5"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-01"},{"ecosystem":"npm","name":"@redhat-cloud-services/javascript-clients-shared","href":"/ti/packages/npm/@redhat-cloud-services/javascript-clients-shared","description":"@redhat-cloud-services/javascript-clients-shared is one of 32 @redhat-cloud-services scope packages compromised on June 1, 2026 in the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The attacker abused npm GitHub Actions trusted publishing by pushing short-lived oidc-<hex> branches that rewrote the trusted CI workflow into a self-publishing job, exchanged the OIDC token for npm publish tokens, repackaged the legitimate tarball with a malicious preinstall hook, and republished with valid SLSA provenance. Published in two waves ~3h apart; wave 1 (2.0.8) was later unpublished, wave 2 (2.0.9) is the live latest.","threat_types":["worm","credential_stealer","data_exfiltration","persistence"],"versions":["2.0.8","2.0.9"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-01"},{"ecosystem":"npm","name":"@redhat-cloud-services/sources-client","href":"/ti/packages/npm/@redhat-cloud-services/sources-client","description":"@redhat-cloud-services/sources-client is one of 32 @redhat-cloud-services scope packages compromised on June 1, 2026 in the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The attacker abused npm GitHub Actions trusted publishing by pushing short-lived oidc-<hex> branches that rewrote the trusted CI workflow into a self-publishing job, exchanged the OIDC token for npm publish tokens, repackaged the legitimate tarball with a malicious preinstall hook, and republished with valid SLSA provenance. Published in two waves ~3h apart; wave 1 (3.0.10) was later unpublished, wave 2 (3.0.11) is the live latest.","threat_types":["worm","credential_stealer","data_exfiltration","persistence"],"versions":["3.0.10","3.0.11"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-01"},{"ecosystem":"npm","name":"@redhat-cloud-services/topological-inventory-client","href":"/ti/packages/npm/@redhat-cloud-services/topological-inventory-client","description":"@redhat-cloud-services/topological-inventory-client is one of 32 @redhat-cloud-services scope packages compromised on June 1, 2026 in the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The attacker abused npm GitHub Actions trusted publishing by pushing short-lived oidc-<hex> branches that rewrote the trusted CI workflow into a self-publishing job, exchanged the OIDC token for npm publish tokens, repackaged the legitimate tarball with a malicious preinstall hook, and republished with valid SLSA provenance. Published in two waves ~3h apart; wave 1 (3.0.10) was later unpublished, wave 2 (3.0.11) is the live latest.","threat_types":["worm","credential_stealer","data_exfiltration","persistence"],"versions":["3.0.10","3.0.11"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-01"},{"ecosystem":"npm","name":"@redhat-cloud-services/vulnerabilities-client","href":"/ti/packages/npm/@redhat-cloud-services/vulnerabilities-client","description":"@redhat-cloud-services/vulnerabilities-client is one of 32 @redhat-cloud-services scope packages compromised on June 1, 2026 in the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The attacker abused npm GitHub Actions trusted publishing by pushing short-lived oidc-<hex> branches that rewrote the trusted CI workflow into a self-publishing job, exchanged the OIDC token for npm publish tokens, repackaged the legitimate tarball with a malicious preinstall hook, and republished with valid SLSA provenance. Published in two waves ~3h apart; wave 1 (2.1.8) was later unpublished, wave 2 (2.1.9) is the live latest.","threat_types":["worm","credential_stealer","data_exfiltration","persistence"],"versions":["2.1.8","2.1.9"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-01"},{"ecosystem":"npm","name":"@redhat-cloud-services/chrome","href":"/ti/packages/npm/@redhat-cloud-services/chrome","description":"@redhat-cloud-services/chrome is one of 32 @redhat-cloud-services scope packages compromised on June 1, 2026 in the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The attacker abused npm GitHub Actions trusted publishing by pushing short-lived oidc-<hex> branches that rewrote the trusted CI workflow into a self-publishing job, exchanged the OIDC token for npm publish tokens, repackaged the legitimate tarball with a malicious preinstall hook, and republished with valid SLSA provenance. Published in two waves ~3h apart; wave 1 (2.3.1) was later unpublished, wave 2 (2.3.2) is the live latest.","threat_types":["worm","credential_stealer","data_exfiltration","persistence"],"versions":["2.3.1","2.3.2"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-01"},{"ecosystem":"npm","name":"@redhat-cloud-services/eslint-config-redhat-cloud-services","href":"/ti/packages/npm/@redhat-cloud-services/eslint-config-redhat-cloud-services","description":"@redhat-cloud-services/eslint-config-redhat-cloud-services is one of 32 @redhat-cloud-services scope packages compromised on June 1, 2026 in the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The attacker abused npm GitHub Actions trusted publishing by pushing short-lived oidc-<hex> branches that rewrote the trusted CI workflow into a self-publishing job, exchanged the OIDC token for npm publish tokens, repackaged the legitimate tarball with a malicious preinstall hook, and republished with valid SLSA provenance. Published in two waves ~3h apart; wave 1 (3.2.1) was later unpublished, wave 2 (3.2.2) is the live latest.","threat_types":["worm","credential_stealer","data_exfiltration","persistence"],"versions":["3.2.1","3.2.2"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-01"},{"ecosystem":"npm","name":"@redhat-cloud-services/frontend-components","href":"/ti/packages/npm/@redhat-cloud-services/frontend-components","description":"@redhat-cloud-services/frontend-components is one of 32 @redhat-cloud-services scope packages compromised on June 1, 2026 in the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The attacker abused npm GitHub Actions trusted publishing by pushing short-lived oidc-<hex> branches that rewrote the trusted CI workflow into a self-publishing job, exchanged the OIDC token for npm publish tokens, repackaged the legitimate tarball with a malicious preinstall hook, and republished with valid SLSA provenance. Published in two waves ~3h apart; wave 1 (7.7.2) was later unpublished, wave 2 (7.7.3) is the live latest.","threat_types":["worm","credential_stealer","data_exfiltration","persistence"],"versions":["7.7.2","7.7.3"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-01"},{"ecosystem":"npm","name":"@redhat-cloud-services/frontend-components-advisor-components","href":"/ti/packages/npm/@redhat-cloud-services/frontend-components-advisor-components","description":"@redhat-cloud-services/frontend-components-advisor-components is one of 32 @redhat-cloud-services scope packages compromised on June 1, 2026 in the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The attacker abused npm GitHub Actions trusted publishing by pushing short-lived oidc-<hex> branches that rewrote the trusted CI workflow into a self-publishing job, exchanged the OIDC token for npm publish tokens, repackaged the legitimate tarball with a malicious preinstall hook, and republished with valid SLSA provenance. Published in two waves ~3h apart; wave 1 (3.8.2) was later unpublished, wave 2 (3.8.4) is the live latest.","threat_types":["worm","credential_stealer","data_exfiltration","persistence"],"versions":["3.8.2","3.8.4"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-01"},{"ecosystem":"npm","name":"@redhat-cloud-services/frontend-components-config","href":"/ti/packages/npm/@redhat-cloud-services/frontend-components-config","description":"@redhat-cloud-services/frontend-components-config is one of 32 @redhat-cloud-services scope packages compromised on June 1, 2026 in the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The attacker abused npm GitHub Actions trusted publishing by pushing short-lived oidc-<hex> branches that rewrote the trusted CI workflow into a self-publishing job, exchanged the OIDC token for npm publish tokens, repackaged the legitimate tarball with a malicious preinstall hook, and republished with valid SLSA provenance. Published in two waves ~3h apart; wave 1 (6.11.3) was later unpublished, wave 2 (6.11.4) is the live latest.","threat_types":["worm","credential_stealer","data_exfiltration","persistence"],"versions":["6.11.3","6.11.4"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-01"},{"ecosystem":"npm","name":"@redhat-cloud-services/frontend-components-config-utilities","href":"/ti/packages/npm/@redhat-cloud-services/frontend-components-config-utilities","description":"@redhat-cloud-services/frontend-components-config-utilities is one of 32 @redhat-cloud-services scope packages compromised on June 1, 2026 in the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The attacker abused npm GitHub Actions trusted publishing by pushing short-lived oidc-<hex> branches that rewrote the trusted CI workflow into a self-publishing job, exchanged the OIDC token for npm publish tokens, repackaged the legitimate tarball with a malicious preinstall hook, and republished with valid SLSA provenance. Published in two waves ~3h apart; wave 1 (4.11.2) was later unpublished, wave 2 (4.11.3) is the live latest.","threat_types":["worm","credential_stealer","data_exfiltration","persistence"],"versions":["4.11.2","4.11.3"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-01"},{"ecosystem":"npm","name":"@redhat-cloud-services/frontend-components-notifications","href":"/ti/packages/npm/@redhat-cloud-services/frontend-components-notifications","description":"@redhat-cloud-services/frontend-components-notifications is one of 32 @redhat-cloud-services scope packages compromised on June 1, 2026 in the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The attacker abused npm GitHub Actions trusted publishing by pushing short-lived oidc-<hex> branches that rewrote the trusted CI workflow into a self-publishing job, exchanged the OIDC token for npm publish tokens, repackaged the legitimate tarball with a malicious preinstall hook, and republished with valid SLSA provenance. Published in two waves ~3h apart; wave 1 (6.9.2) was later unpublished, wave 2 (6.9.3) is the live latest.","threat_types":["worm","credential_stealer","data_exfiltration","persistence"],"versions":["6.9.2","6.9.3"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-01"},{"ecosystem":"npm","name":"@redhat-cloud-services/frontend-components-remediations","href":"/ti/packages/npm/@redhat-cloud-services/frontend-components-remediations","description":"@redhat-cloud-services/frontend-components-remediations is one of 32 @redhat-cloud-services scope packages compromised on June 1, 2026 in the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The attacker abused npm GitHub Actions trusted publishing by pushing short-lived oidc-<hex> branches that rewrote the trusted CI workflow into a self-publishing job, exchanged the OIDC token for npm publish tokens, repackaged the legitimate tarball with a malicious preinstall hook, and republished with valid SLSA provenance. Published in two waves ~3h apart; wave 1 (4.9.2) was later unpublished, wave 2 (4.9.3) is the live latest.","threat_types":["worm","credential_stealer","data_exfiltration","persistence"],"versions":["4.9.2","4.9.3"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-01"},{"ecosystem":"npm","name":"@redhat-cloud-services/frontend-components-testing","href":"/ti/packages/npm/@redhat-cloud-services/frontend-components-testing","description":"@redhat-cloud-services/frontend-components-testing is one of 32 @redhat-cloud-services scope packages compromised on June 1, 2026 in the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The attacker abused npm GitHub Actions trusted publishing by pushing short-lived oidc-<hex> branches that rewrote the trusted CI workflow into a self-publishing job, exchanged the OIDC token for npm publish tokens, repackaged the legitimate tarball with a malicious preinstall hook, and republished with valid SLSA provenance. Published in two waves ~3h apart; wave 1 (1.2.1) was later unpublished, wave 2 (1.2.2) is the live latest.","threat_types":["worm","credential_stealer","data_exfiltration","persistence"],"versions":["1.2.1","1.2.2"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-01"},{"ecosystem":"npm","name":"@redhat-cloud-services/frontend-components-translations","href":"/ti/packages/npm/@redhat-cloud-services/frontend-components-translations","description":"@redhat-cloud-services/frontend-components-translations is one of 32 @redhat-cloud-services scope packages compromised on June 1, 2026 in the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The attacker abused npm GitHub Actions trusted publishing by pushing short-lived oidc-<hex> branches that rewrote the trusted CI workflow into a self-publishing job, exchanged the OIDC token for npm publish tokens, repackaged the legitimate tarball with a malicious preinstall hook, and republished with valid SLSA provenance. Published in two waves ~3h apart; wave 1 (4.4.1) was later unpublished, wave 2 (4.4.2) is the live latest.","threat_types":["worm","credential_stealer","data_exfiltration","persistence"],"versions":["4.4.1","4.4.2"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-01"},{"ecosystem":"npm","name":"@redhat-cloud-services/frontend-components-utilities","href":"/ti/packages/npm/@redhat-cloud-services/frontend-components-utilities","description":"@redhat-cloud-services/frontend-components-utilities is one of 32 @redhat-cloud-services scope packages compromised on June 1, 2026 in the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The attacker abused npm GitHub Actions trusted publishing by pushing short-lived oidc-<hex> branches that rewrote the trusted CI workflow into a self-publishing job, exchanged the OIDC token for npm publish tokens, repackaged the legitimate tarball with a malicious preinstall hook, and republished with valid SLSA provenance. Published in two waves ~3h apart; wave 1 (7.4.1) was later unpublished, wave 2 (7.4.2) is the live latest.","threat_types":["worm","credential_stealer","data_exfiltration","persistence"],"versions":["7.4.1","7.4.2"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-01"},{"ecosystem":"npm","name":"@redhat-cloud-services/rule-components","href":"/ti/packages/npm/@redhat-cloud-services/rule-components","description":"@redhat-cloud-services/rule-components is one of 32 @redhat-cloud-services scope packages compromised on June 1, 2026 in the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The attacker abused npm GitHub Actions trusted publishing by pushing short-lived oidc-<hex> branches that rewrote the trusted CI workflow into a self-publishing job, exchanged the OIDC token for npm publish tokens, repackaged the legitimate tarball with a malicious preinstall hook, and republished with valid SLSA provenance. Published in two waves ~3h apart; wave 1 (4.7.2) was later unpublished, wave 2 (4.7.3) is the live latest.","threat_types":["worm","credential_stealer","data_exfiltration","persistence"],"versions":["4.7.2","4.7.3"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-01"},{"ecosystem":"npm","name":"@redhat-cloud-services/tsc-transform-imports","href":"/ti/packages/npm/@redhat-cloud-services/tsc-transform-imports","description":"@redhat-cloud-services/tsc-transform-imports is one of 32 @redhat-cloud-services scope packages compromised on June 1, 2026 in the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The attacker abused npm GitHub Actions trusted publishing by pushing short-lived oidc-<hex> branches that rewrote the trusted CI workflow into a self-publishing job, exchanged the OIDC token for npm publish tokens, repackaged the legitimate tarball with a malicious preinstall hook, and republished with valid SLSA provenance. Published in two waves ~3h apart; wave 1 (1.2.2) was later unpublished, wave 2 (1.2.4) is the live latest.","threat_types":["worm","credential_stealer","data_exfiltration","persistence"],"versions":["1.2.2","1.2.4"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-01"},{"ecosystem":"npm","name":"@redhat-cloud-services/types","href":"/ti/packages/npm/@redhat-cloud-services/types","description":"@redhat-cloud-services/types is one of 32 @redhat-cloud-services scope packages compromised on June 1, 2026 in the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The attacker abused npm GitHub Actions trusted publishing by pushing short-lived oidc-<hex> branches that rewrote the trusted CI workflow into a self-publishing job, exchanged the OIDC token for npm publish tokens, repackaged the legitimate tarball with a malicious preinstall hook, and republished with valid SLSA provenance. Published in two waves ~3h apart; wave 1 (3.6.1) was later unpublished, wave 2 (3.6.2) is the live latest.","threat_types":["worm","credential_stealer","data_exfiltration","persistence"],"versions":["3.6.1","3.6.2"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-01"},{"ecosystem":"npm","name":"@redhat-cloud-services/hcc-feo-mcp","href":"/ti/packages/npm/@redhat-cloud-services/hcc-feo-mcp","description":"@redhat-cloud-services/hcc-feo-mcp is one of 32 @redhat-cloud-services scope packages compromised on June 1, 2026 in the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The attacker abused npm GitHub Actions trusted publishing by pushing short-lived oidc-<hex> branches that rewrote the trusted CI workflow into a self-publishing job, exchanged the OIDC token for npm publish tokens, repackaged the legitimate tarball with a malicious preinstall hook, and republished with valid SLSA provenance. Published in two waves ~3h apart; wave 1 (0.3.1) was later unpublished, wave 2 (0.3.2) is the live latest.","threat_types":["worm","credential_stealer","data_exfiltration","persistence"],"versions":["0.3.1","0.3.2"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-01"},{"ecosystem":"npm","name":"@redhat-cloud-services/hcc-kessel-mcp","href":"/ti/packages/npm/@redhat-cloud-services/hcc-kessel-mcp","description":"@redhat-cloud-services/hcc-kessel-mcp is one of 32 @redhat-cloud-services scope packages compromised on June 1, 2026 in the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The attacker abused npm GitHub Actions trusted publishing by pushing short-lived oidc-<hex> branches that rewrote the trusted CI workflow into a self-publishing job, exchanged the OIDC token for npm publish tokens, repackaged the legitimate tarball with a malicious preinstall hook, and republished with valid SLSA provenance. Published in two waves ~3h apart; wave 1 (0.3.1) was later unpublished, wave 2 (0.3.2) is the live latest.","threat_types":["worm","credential_stealer","data_exfiltration","persistence"],"versions":["0.3.1","0.3.2"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-01"},{"ecosystem":"npm","name":"@redhat-cloud-services/hcc-pf-mcp","href":"/ti/packages/npm/@redhat-cloud-services/hcc-pf-mcp","description":"@redhat-cloud-services/hcc-pf-mcp is one of 32 @redhat-cloud-services scope packages compromised on June 1, 2026 in the Miasma: The Spreading Blight campaign (a variant of / derived from Mini Shai-Hulud). The attacker abused npm GitHub Actions trusted publishing by pushing short-lived oidc-<hex> branches that rewrote the trusted CI workflow into a self-publishing job, exchanged the OIDC token for npm publish tokens, repackaged the legitimate tarball with a malicious preinstall hook, and republished with valid SLSA provenance. Published in two waves ~3h apart; wave 1 (0.6.1) was later unpublished, wave 2 (0.6.2) is the live latest.","threat_types":["worm","credential_stealer","data_exfiltration","persistence"],"versions":["0.6.1","0.6.2"],"campaigns":["Miasma: The Spreading Blight"],"discovered_at":"2026-06-01"},{"ecosystem":"npm","name":"@t-in-one/add_application","href":"/ti/packages/npm/@t-in-one/add_application","description":"Representative package of the @t-in-one scope (10 packages at 5.7.1, published by t-in-one on 2026-05-29 within a ~43-second batch). Credential/token-themed names (add_application, add_app_middleware_token, get_application_hid, form_product_token, application_id_storage_key_token, only_difference_payload, prefill_credit_data_token, prefill_bundle_data_token, add_application_tid, add_application_service_token) masquerade as internal auth modules. postinstall.js is three-layer obfuscated and reports to oob.moika.tech with the shared X-Secret. Tarball SHA256: 23ccdefb9b917373a4b723d8d482eb6b8880e7e45b0d21cfa5d21d5c27da4918.","threat_types":["dependency_confusion","credential_stealer","data_exfiltration","c2_agent"],"versions":["5.7.1"],"campaigns":["oob-moika-tech-depconf-2026"],"discovered_at":"2026-05-29"},{"ecosystem":"npm","name":"@capibar.chat/ui-kit","href":"/ti/packages/npm/@capibar.chat/ui-kit","description":"Dependency-confusion impersonation in the @capibar.chat scope, published by t-in-one. Version 99.5.7 weaponized on 2026-05-29; scope pre-staged with benign-versioned 99.0.7 on 2026-05-04. Same C2 and X-Secret as the rest of the campaign.","threat_types":["dependency_confusion","credential_stealer","data_exfiltration","c2_agent"],"versions":["99.0.7","99.5.7"],"campaigns":["oob-moika-tech-depconf-2026"],"discovered_at":"2026-05-29"},{"ecosystem":"npm","name":"@sber-ecom-core/sberpay-widget","href":"/ti/packages/npm/@sber-ecom-core/sberpay-widget","description":"Dependency-confusion impersonation of Sberbank's internal SberPay payment widget, published by t-in-one. Version 99.5.8 is latest; 99.5.7 also published 2026-05-29; scope pre-staged with benign-versioned 99.0.7 on 2026-05-04. Confirms the campaign's financial-sector / Russian-market targeting. Same C2 and X-Secret as the rest of the campaign.","threat_types":["dependency_confusion","credential_stealer","data_exfiltration","c2_agent"],"versions":["99.0.7","99.5.7","99.5.8"],"campaigns":["oob-moika-tech-depconf-2026"],"discovered_at":"2026-05-29"},{"ecosystem":"npm","name":"terminal-logger-utils","href":"/ti/packages/npm/terminal-logger-utils","description":"RC4/XOR obfuscated MicrosoftSystem64 dropper published by jpeek895 cluster (May 20-21, 2026). Same dropper infrastructure as js-logger-pack. Attributed to DPRK Famous Chollima. OSV: MAL-2026-4198 / GHSA-h9jr-prgp-c322.","threat_types":["credential_stealer","rat","c2_agent","data_exfiltration"],"versions":["1.0.0"],"campaigns":["Contagious Interview"],"discovered_at":"2026-05-28"},{"ecosystem":"npm","name":"ts-logger-pack","href":"/ti/packages/npm/ts-logger-pack","description":"Dependency proxy to terminal-logger-utils, acting as a relay package in the MicrosoftSystem64 dropper chain. Published Apr 1 / May 20, 2026. Attributed to DPRK Famous Chollima. OSV: MAL-2026-4199 / GHSA-8w97-mwv3-cwx3.","threat_types":["credential_stealer","rat","c2_agent","data_exfiltration"],"versions":["1.0.0"],"campaigns":["Contagious Interview"],"discovered_at":"2026-05-28"},{"ecosystem":"npm","name":"pretty-logger-utils","href":"/ti/packages/npm/pretty-logger-utils","description":"MicrosoftSystem64 dropper published by jpeek895 cluster (May 2026). Same dropper infrastructure. Attributed to DPRK Famous Chollima.","threat_types":["credential_stealer","rat","c2_agent","data_exfiltration"],"versions":["1.0.0"],"campaigns":["Contagious Interview"],"discovered_at":"2026-05-28"},{"ecosystem":"npm","name":"pinno-loggers","href":"/ti/packages/npm/pinno-loggers","description":"MicrosoftSystem64 dropper published by jpeek895 cluster (May 2026). Same dropper infrastructure. Attributed to DPRK Famous Chollima.","threat_types":["credential_stealer","rat","c2_agent","data_exfiltration"],"versions":["1.0.0"],"campaigns":["Contagious Interview"],"discovered_at":"2026-05-28"},{"ecosystem":"npm","name":"polymarket-validator","href":"/ti/packages/npm/polymarket-validator","description":"Contagious Trader package published by toskypi (Feb 2026). Exfiltrates to sha256-validate-rpc.vercel[.]app. Attributed to DPRK Famous Chollima via toskypi identity (tosky.pi1016@gmail.com).","threat_types":["credential_stealer","data_exfiltration"],"versions":["1.0.0"],"campaigns":["Contagious Interview"],"discovered_at":"2026-05-28"},{"ecosystem":"npm","name":"changelog-logger-utilities","href":"/ti/packages/npm/changelog-logger-utilities","description":"Contagious Trader package published by toskypi (Mar 15, 2026). Exfiltrates to changelog[.]rest. Attributed to DPRK Famous Chollima via toskypi identity.","threat_types":["credential_stealer","data_exfiltration"],"versions":["1.0.0"],"campaigns":["Contagious Interview"],"discovered_at":"2026-05-28"},{"ecosystem":"npm","name":"@cloudplatform-single-spa/billing","href":"/ti/packages/npm/@cloudplatform-single-spa/billing","description":"Representative package from the @cloudplatform-single-spa scope (122 packages total). All packages at version 99.99.99 published by mr.4nd3r50n on 2026-05-27T21:15 UTC. 120 carry active postinstall payloads; 2 are no-payload placeholders. Packages mirror internal cloud platform services: billing, VPC, Kubernetes, ML inference, IAM, certificate manager, object storage, VDI, bare metal servers, observability, and more.","threat_types":["dependency_confusion","credential_stealer","data_exfiltration","c2_agent"],"versions":["99.99.99"],"campaigns":["oob-moika-tech-depconf-2026"],"discovered_at":"2026-05-28"},{"ecosystem":"npm","name":"@mlspace/shared-storage","href":"/ti/packages/npm/@mlspace/shared-storage","description":"Representative package from the @mlspace scope (17 packages total). All packages at version 99.99.99 published by mr.4nd3r50n on 2026-05-27T21:15 UTC. 16 carry active postinstall payloads; 1 (model-registry) is a no-payload placeholder. Packages mirror internal ML platform / AI workspace modules: model monitoring, experiments, dtransfer, inference-build, inference-deploy, docker-registry, connectors, allocations.","threat_types":["dependency_confusion","credential_stealer","data_exfiltration","c2_agent"],"versions":["99.99.99"],"campaigns":["oob-moika-tech-depconf-2026"],"discovered_at":"2026-05-28"},{"ecosystem":"npm","name":"@car-loans/mobile-car-loans-application","href":"/ti/packages/npm/@car-loans/mobile-car-loans-application","description":"Representative package from the @car-loans scope (19 packages total). All packages at version 99.99.99 published by pik-libs on 2026-05-27T21:37 UTC. All 19 carry active postinstall payloads. Packages mirror internal banking car loan application micro-frontends: mobile/desktop applications, online scoring, deal flows, referrer modules, feature toggles, analytics.","threat_types":["dependency_confusion","credential_stealer","data_exfiltration","c2_agent"],"versions":["99.99.99"],"campaigns":["oob-moika-tech-depconf-2026"],"discovered_at":"2026-05-28"},{"ecosystem":"npm","name":"@fb-deposit/form-deposit","href":"/ti/packages/npm/@fb-deposit/form-deposit","description":"Representative package from the @fb-deposit scope (4 packages total). All packages at version 99.99.99 published by pik-libs on 2026-05-27T21:37 UTC. All 4 carry active postinstall payloads. Packages mirror internal banking deposit form modules: form-deposit, form-deposit-auth, form-deposit-calc, form-savings-account.","threat_types":["dependency_confusion","credential_stealer","data_exfiltration","c2_agent"],"versions":["99.99.99"],"campaigns":["oob-moika-tech-depconf-2026"],"discovered_at":"2026-05-28"},{"ecosystem":"npm","name":"@debit-ib/mobile-debit-ib-additional-card-form","href":"/ti/packages/npm/@debit-ib/mobile-debit-ib-additional-card-form","description":"Representative package from the @debit-ib scope (2 packages total). All packages at version 99.99.99 published by pik-libs on 2026-05-27T21:37 UTC. Both carry active postinstall payloads. Packages mirror internal debit / internet banking additional card form modules.","threat_types":["dependency_confusion","credential_stealer","data_exfiltration","c2_agent"],"versions":["99.99.99"],"campaigns":["oob-moika-tech-depconf-2026"],"discovered_at":"2026-05-28"},{"ecosystem":"npm","name":"changiairportpromax","href":"/ti/packages/npm/changiairportpromax","description":"Wave 1 package from terminal3airport. Contains Scramjet-based web proxy (Lucide Proxy) with popunder ads, external ad/tracking scripts, and Google Analytics. Disguised as tutoring website.","threat_types":["other"],"versions":["1.1.3"],"campaigns":[],"discovered_at":"2026-05-27"},{"ecosystem":"npm","name":"ilovefemboys","href":"/ti/packages/npm/ilovefemboys","description":"Wave 1 package from terminal3airport. Same Scramjet proxy adware payload as changiairportpromax.","threat_types":["other"],"versions":["1.1.3"],"campaigns":[],"discovered_at":"2026-05-27"},{"ecosystem":"npm","name":"captainindia","href":"/ti/packages/npm/captainindia","description":"Wave 2 representative package from terminal3airport. Obfuscated JS with hex variable names (_0x patterns), randomized filenames. Same adware proxy payload.","threat_types":["other"],"versions":["1.1.2"],"campaigns":[],"discovered_at":"2026-05-27"},{"ecosystem":"npm","name":"backup1-gg","href":"/ti/packages/npm/backup1-gg","description":"Wave 2 representative package from terminal3airport. Obfuscated adware proxy.","threat_types":["other"],"versions":["1.1.2"],"campaigns":[],"discovered_at":"2026-05-27"},{"ecosystem":"npm","name":"backupsitetuff6","href":"/ti/packages/npm/backupsitetuff6","description":"Wave 3 representative package from terminal3airport. Mass-published via auto-publish.sh script. 116 packages in this wave.","threat_types":["other"],"versions":["1.1.7"],"campaigns":[],"discovered_at":"2026-05-27"},{"ecosystem":"npm","name":"nottuff1","href":"/ti/packages/npm/nottuff1","description":"Wave 3 representative from the nottuff1-nottuff30 series. Auto-published adware proxy.","threat_types":["other"],"versions":["1.1.7"],"campaigns":[],"discovered_at":"2026-05-27"},{"ecosystem":"npm","name":"abuden1","href":"/ti/packages/npm/abuden1","description":"Wave 3 representative from the abuden1-abuden230 series (largest batch). Auto-published adware proxy.","threat_types":["other"],"versions":["1.1.7"],"campaigns":[],"discovered_at":"2026-05-27"},{"ecosystem":"npm","name":"ishowfeet1","href":"/ti/packages/npm/ishowfeet1","description":"Wave 3 representative from the ishowfeet1-ishowfeet20 series. Auto-published adware proxy.","threat_types":["other"],"versions":["1.1.7"],"campaigns":[],"discovered_at":"2026-05-27"},{"ecosystem":"npm","name":"forge-jsxy","href":"/ti/packages/npm/forge-jsxy","description":"forge-jsxy is the Wave 2 successor to forge-jsx, published after npm took down the original. It poses as an Autodesk Forge SDK and deploys a full-featured cross-platform RAT with keylogging, .env scanning, shell history exfiltration, Chromium extension LevelDB harvesting across 21+ browsers, cryptocurrency wallet scanning (BIP39/Solana/secp256k1), Discord screenshot exfiltration via bot webhooks, Hugging Face Hub data uploads, WebRTC P2P channels, durable persistence outside node_modules, and relay-pushed auto-upgrades. C2 at 204.10.194.247.","threat_types":["rat","credential_stealer","data_exfiltration","persistence","c2_agent","crypto_drainer"],"versions":["1.0.66","1.0.67","1.0.68","1.0.69","1.0.70","1.0.71","1.0.72","1.0.73","1.0.74","1.0.75","1.0.76","1.0.77","1.0.78","1.0.79","1.0.80","1.0.81","1.0.82","1.0.83","1.0.84","1.0.85","1.0.86","1.0.91"],"campaigns":["forge-jsx RAT"],"discovered_at":"2026-05-26"},{"ecosystem":"npm","name":"polymarket-trading-cli","href":"/ti/packages/npm/polymarket-trading-cli","description":"polymarket-trading-cli is identified in the SafeDep analysis \"Polymarket npm Packages Steal Crypto Wallet Keys\". Nine coordinated npm packages target Polymarket traders with a social-engineered postinstall prompt that exfiltrates raw private keys to a Cloudflare Worker. The attacker published all packages within 30 seconds from a throwaway account.","threat_types":["crypto_drainer","credential_stealer","data_exfiltration"],"versions":["0.1.0","0.1.1"],"campaigns":["Crypto Wallet Drainers"],"discovered_at":"2026-05-21"},{"ecosystem":"npm","name":"polymarket-terminal","href":"/ti/packages/npm/polymarket-terminal","description":"polymarket-terminal is identified in the SafeDep analysis \"Polymarket npm Packages Steal Crypto Wallet Keys\". Nine coordinated npm packages target Polymarket traders with a social-engineered postinstall prompt that exfiltrates raw private keys to a Cloudflare Worker. The attacker published all packages within 30 seconds from a throwaway account.","threat_types":["crypto_drainer","credential_stealer","data_exfiltration"],"versions":["0.1.0","0.1.1"],"campaigns":["Crypto Wallet Drainers"],"discovered_at":"2026-05-21"},{"ecosystem":"npm","name":"polymarket-trade","href":"/ti/packages/npm/polymarket-trade","description":"polymarket-trade is identified in the SafeDep analysis \"Polymarket npm Packages Steal Crypto Wallet Keys\". Nine coordinated npm packages target Polymarket traders with a social-engineered postinstall prompt that exfiltrates raw private keys to a Cloudflare Worker. The attacker published all packages within 30 seconds from a throwaway account.","threat_types":["crypto_drainer","credential_stealer","data_exfiltration"],"versions":["0.1.0","0.1.1"],"campaigns":["Crypto Wallet Drainers"],"discovered_at":"2026-05-21"},{"ecosystem":"npm","name":"polymarket-auto-trade","href":"/ti/packages/npm/polymarket-auto-trade","description":"polymarket-auto-trade is identified in the SafeDep analysis \"Polymarket npm Packages Steal Crypto Wallet Keys\". Nine coordinated npm packages target Polymarket traders with a social-engineered postinstall prompt that exfiltrates raw private keys to a Cloudflare Worker. The attacker published all packages within 30 seconds from a throwaway account.","threat_types":["crypto_drainer","credential_stealer","data_exfiltration"],"versions":["0.1.0","0.1.1"],"campaigns":["Crypto Wallet Drainers"],"discovered_at":"2026-05-21"},{"ecosystem":"npm","name":"polymarket-copy-trading","href":"/ti/packages/npm/polymarket-copy-trading","description":"polymarket-copy-trading is identified in the SafeDep analysis \"Polymarket npm Packages Steal Crypto Wallet Keys\". Nine coordinated npm packages target Polymarket traders with a social-engineered postinstall prompt that exfiltrates raw private keys to a Cloudflare Worker. The attacker published all packages within 30 seconds from a throwaway account.","threat_types":["crypto_drainer","credential_stealer","data_exfiltration"],"versions":["0.1.0","0.1.1"],"campaigns":["Crypto Wallet Drainers"],"discovered_at":"2026-05-21"},{"ecosystem":"npm","name":"polymarket-bot","href":"/ti/packages/npm/polymarket-bot","description":"polymarket-bot is identified in the SafeDep analysis \"Polymarket npm Packages Steal Crypto Wallet Keys\". Nine coordinated npm packages target Polymarket traders with a social-engineered postinstall prompt that exfiltrates raw private keys to a Cloudflare Worker. The attacker published all packages within 30 seconds from a throwaway account.","threat_types":["crypto_drainer","credential_stealer","data_exfiltration"],"versions":["0.1.0","0.1.1"],"campaigns":["Crypto Wallet Drainers"],"discovered_at":"2026-05-21"},{"ecosystem":"npm","name":"polymarket-claude-code","href":"/ti/packages/npm/polymarket-claude-code","description":"polymarket-claude-code is identified in the SafeDep analysis \"Polymarket npm Packages Steal Crypto Wallet Keys\". Nine coordinated npm packages target Polymarket traders with a social-engineered postinstall prompt that exfiltrates raw private keys to a Cloudflare Worker. The attacker published all packages within 30 seconds from a throwaway account.","threat_types":["crypto_drainer","credential_stealer","data_exfiltration"],"versions":["0.1.0","0.1.1"],"campaigns":["Crypto Wallet Drainers"],"discovered_at":"2026-05-21"},{"ecosystem":"npm","name":"polymarket-ai-agent","href":"/ti/packages/npm/polymarket-ai-agent","description":"polymarket-ai-agent is identified in the SafeDep analysis \"Polymarket npm Packages Steal Crypto Wallet Keys\". Nine coordinated npm packages target Polymarket traders with a social-engineered postinstall prompt that exfiltrates raw private keys to a Cloudflare Worker. The attacker published all packages within 30 seconds from a throwaway account.","threat_types":["crypto_drainer","credential_stealer","data_exfiltration"],"versions":["0.1.0","0.1.1"],"campaigns":["Crypto Wallet Drainers"],"discovered_at":"2026-05-21"},{"ecosystem":"npm","name":"polymarket-trader","href":"/ti/packages/npm/polymarket-trader","description":"polymarket-trader is identified in the SafeDep analysis \"Polymarket npm Packages Steal Crypto Wallet Keys\". Nine coordinated npm packages target Polymarket traders with a social-engineered postinstall prompt that exfiltrates raw private keys to a Cloudflare Worker. The attacker published all packages within 30 seconds from a throwaway account.","threat_types":["crypto_drainer","credential_stealer","data_exfiltration"],"versions":["0.1.0","0.1.1"],"campaigns":["Crypto Wallet Drainers"],"discovered_at":"2026-05-21"},{"ecosystem":"npm","name":"art-template","href":"/ti/packages/npm/art-template","description":"art-template is identified in the SafeDep analysis \"art-template npm Hijack Delivers iOS Browser Exploit Kit\". art-template versions 4.13.3 through 4.13.6 were compromised via maintainer account takeover. The browser bundle injects scripts that deliver a full iOS exploit kit: WebAssembly type confusion, JIT heap spray, ASLR bypass via dyld cache parsing, and 31KB of ARM64 shellcode targeting iPhone and iPad.","threat_types":["other"],"versions":["4.13.3"],"campaigns":["No Specific Campaign"],"discovered_at":"2026-05-20"},{"ecosystem":"pypi","name":"durabletask","href":"/ti/packages/pypi/durabletask","description":"durabletask is identified in the SafeDep analysis \"Malicious durabletask on PyPI: Multi-Cloud Credential Stealer with Worm Capabilities\". Three compromised versions of the Microsoft durabletask Python SDK (1.4.1, 1.4.2, 1.4.3) were published to PyPI, each downloading a stage-2 payload that steals credentials from AWS, Azure, GCP, Kubernetes, HashiCorp Vault, and password managers, then propagates to other hosts via SSM and kubectl exec.","threat_types":["credential_stealer","data_exfiltration","worm"],"versions":["0.1.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-20"},{"ecosystem":"npm","name":"ai-figure","href":"/ti/packages/npm/ai-figure","description":"ai-figure is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["0.5.0","0.6.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"amapcn","href":"/ti/packages/npm/amapcn","description":"amapcn is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["0.2.2","0.3.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/a8","href":"/ti/packages/npm/@antv/a8","description":"@antv/a8 is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.1.1","0.2.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/adjust","href":"/ti/packages/npm/@antv/adjust","description":"@antv/adjust is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.3.5","0.4.5"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/algorithm","href":"/ti/packages/npm/@antv/algorithm","description":"@antv/algorithm is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.2.26","0.3.26"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/async-hook","href":"/ti/packages/npm/@antv/async-hook","description":"@antv/async-hook is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.3.9","2.4.9"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/attr","href":"/ti/packages/npm/@antv/attr","description":"@antv/attr is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.4.5","0.5.5"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/ava","href":"/ti/packages/npm/@antv/ava","description":"@antv/ava is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["3.5.1","3.6.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/ava-react","href":"/ti/packages/npm/@antv/ava-react","description":"@antv/ava-react is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["3.4.2","3.5.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/awards","href":"/ti/packages/npm/@antv/awards","description":"@antv/awards is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.1.9","0.2.9"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/calendar-heatmap","href":"/ti/packages/npm/@antv/calendar-heatmap","description":"@antv/calendar-heatmap is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.2.2","1.3.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/chart-linter","href":"/ti/packages/npm/@antv/chart-linter","description":"@antv/chart-linter is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.2.6","1.3.6"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/chart-node-g6","href":"/ti/packages/npm/@antv/chart-node-g6","description":"@antv/chart-node-g6 is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.1.4","0.2.4"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/chart-visualization-skills","href":"/ti/packages/npm/@antv/chart-visualization-skills","description":"@antv/chart-visualization-skills is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.2.3","0.3.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/ckb","href":"/ti/packages/npm/@antv/ckb","description":"@antv/ckb is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.1.4","2.2.4"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/color-schema","href":"/ti/packages/npm/@antv/color-schema","description":"@antv/color-schema is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.3.3","0.4.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/color-util","href":"/ti/packages/npm/@antv/color-util","description":"@antv/color-util is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.1.6","2.2.6"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/component","href":"/ti/packages/npm/@antv/component","description":"@antv/component is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.11","2.3.11"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/coord","href":"/ti/packages/npm/@antv/coord","description":"@antv/coord is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.5.7","0.6.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/d3-color","href":"/ti/packages/npm/@antv/d3-color","description":"@antv/d3-color is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.0","1.2.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/d3-interpolate","href":"/ti/packages/npm/@antv/d3-interpolate","description":"@antv/d3-interpolate is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.3","1.2.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/data-samples","href":"/ti/packages/npm/@antv/data-samples","description":"@antv/data-samples is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.1","1.2.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/data-set","href":"/ti/packages/npm/@antv/data-set","description":"@antv/data-set is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.12.8","0.13.8"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/data-wizard","href":"/ti/packages/npm/@antv/data-wizard","description":"@antv/data-wizard is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.1.4","2.2.4"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/dipper-component","href":"/ti/packages/npm/@antv/dipper-component","description":"@antv/dipper-component is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.1.4","0.2.4"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/dipper-hooks","href":"/ti/packages/npm/@antv/dipper-hooks","description":"@antv/dipper-hooks is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.3.1","0.4.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/dipper-map","href":"/ti/packages/npm/@antv/dipper-map","description":"@antv/dipper-map is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.10","1.2.10"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/dom-util","href":"/ti/packages/npm/@antv/dom-util","description":"@antv/dom-util is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.1.4","2.2.4"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/dumi-theme-antv","href":"/ti/packages/npm/@antv/dumi-theme-antv","description":"@antv/dumi-theme-antv is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.10.4","0.9.4"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/dw-analyzer","href":"/ti/packages/npm/@antv/dw-analyzer","description":"@antv/dw-analyzer is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.2.5","1.3.5"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/dw-random","href":"/ti/packages/npm/@antv/dw-random","description":"@antv/dw-random is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.2.7","1.3.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/dw-transform","href":"/ti/packages/npm/@antv/dw-transform","description":"@antv/dw-transform is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.2.7","1.3.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/dw-util","href":"/ti/packages/npm/@antv/dw-util","description":"@antv/dw-util is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.2.4","1.3.4"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/event-emitter","href":"/ti/packages/npm/@antv/event-emitter","description":"@antv/event-emitter is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.2.3","0.3.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/expr","href":"/ti/packages/npm/@antv/expr","description":"@antv/expr is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.2","1.2.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f2","href":"/ti/packages/npm/@antv/f2","description":"@antv/f2 is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["5.15.0","5.16.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f2-algorithm","href":"/ti/packages/npm/@antv/f2-algorithm","description":"@antv/f2-algorithm is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["5.8.0","5.9.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f2-canvas","href":"/ti/packages/npm/@antv/f2-canvas","description":"@antv/f2-canvas is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.5","1.2.5"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f2-context","href":"/ti/packages/npm/@antv/f2-context","description":"@antv/f2-context is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.1.1","0.2.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f2-graphic","href":"/ti/packages/npm/@antv/f2-graphic","description":"@antv/f2-graphic is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.1.16","0.2.16"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f2-my","href":"/ti/packages/npm/@antv/f2-my","description":"@antv/f2-my is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["4.1.52","4.2.52"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f2-react","href":"/ti/packages/npm/@antv/f2-react","description":"@antv/f2-react is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["5.15.0","5.16.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f2-site","href":"/ti/packages/npm/@antv/f2-site","description":"@antv/f2-site is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["4.1.42","4.2.42"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f2-vue","href":"/ti/packages/npm/@antv/f2-vue","description":"@antv/f2-vue is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["4.1.33","4.2.33"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f2-wordcloud","href":"/ti/packages/npm/@antv/f2-wordcloud","description":"@antv/f2-wordcloud is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["5.15.0","5.16.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f2-wx","href":"/ti/packages/npm/@antv/f2-wx","description":"@antv/f2-wx is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["4.1.51","4.2.51"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f6","href":"/ti/packages/npm/@antv/f6","description":"@antv/f6 is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.1.19","0.2.19"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f6-alipay","href":"/ti/packages/npm/@antv/f6-alipay","description":"@antv/f6-alipay is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.1.7","0.2.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f6-core","href":"/ti/packages/npm/@antv/f6-core","description":"@antv/f6-core is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.1.2","0.2.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f6-element","href":"/ti/packages/npm/@antv/f6-element","description":"@antv/f6-element is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.1.1","0.2.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f6-hammerjs","href":"/ti/packages/npm/@antv/f6-hammerjs","description":"@antv/f6-hammerjs is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.1.2","0.2.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f6-plugin","href":"/ti/packages/npm/@antv/f6-plugin","description":"@antv/f6-plugin is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.6","1.2.6"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f6-ui","href":"/ti/packages/npm/@antv/f6-ui","description":"@antv/f6-ui is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.3","1.2.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f6-wx","href":"/ti/packages/npm/@antv/f6-wx","description":"@antv/f6-wx is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.1.7","0.2.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f-charts","href":"/ti/packages/npm/@antv/f-charts","description":"@antv/f-charts is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.1.0","0.2.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f-engine","href":"/ti/packages/npm/@antv/f-engine","description":"@antv/f-engine is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.11.0","1.12.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f-lottie","href":"/ti/packages/npm/@antv/f-lottie","description":"@antv/f-lottie is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.11.0","1.12.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f-my","href":"/ti/packages/npm/@antv/f-my","description":"@antv/f-my is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.11.0","1.12.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f-react","href":"/ti/packages/npm/@antv/f-react","description":"@antv/f-react is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.11.0","1.12.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f-test-utils","href":"/ti/packages/npm/@antv/f-test-utils","description":"@antv/f-test-utils is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.9","1.2.9"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f-vue","href":"/ti/packages/npm/@antv/f-vue","description":"@antv/f-vue is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.11.0","1.12.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/f-wx","href":"/ti/packages/npm/@antv/f-wx","description":"@antv/f-wx is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.11.0","1.12.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g2","href":"/ti/packages/npm/@antv/g2","description":"@antv/g2 is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["5.5.8","5.6.8"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g2-brush","href":"/ti/packages/npm/@antv/g2-brush","description":"@antv/g2-brush is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.1.2","0.2.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g2-extension-3d","href":"/ti/packages/npm/@antv/g2-extension-3d","description":"@antv/g2-extension-3d is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.3.0","0.4.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g2-extension-ava","href":"/ti/packages/npm/@antv/g2-extension-ava","description":"@antv/g2-extension-ava is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.3.0","0.4.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g2-extension-plot","href":"/ti/packages/npm/@antv/g2-extension-plot","description":"@antv/g2-extension-plot is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.3.2","0.4.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g2plot","href":"/ti/packages/npm/@antv/g2plot","description":"@antv/g2plot is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.5.35","2.6.35"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g2plot-schemas","href":"/ti/packages/npm/@antv/g2plot-schemas","description":"@antv/g2plot-schemas is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.3.2","1.4.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g2-plugin-slider","href":"/ti/packages/npm/@antv/g2-plugin-slider","description":"@antv/g2-plugin-slider is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.1","2.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g2-ssr","href":"/ti/packages/npm/@antv/g2-ssr","description":"@antv/g2-ssr is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.3.0","0.4.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g","href":"/ti/packages/npm/@antv/g","description":"@antv/g is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["6.4.1","6.5.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g6","href":"/ti/packages/npm/@antv/g6","description":"@antv/g6 is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["5.2.1","5.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g6-alipay","href":"/ti/packages/npm/@antv/g6-alipay","description":"@antv/g6-alipay is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.1.1","0.2.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g6-cli","href":"/ti/packages/npm/@antv/g6-cli","description":"@antv/g6-cli is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.1.4","0.2.4"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g6-core","href":"/ti/packages/npm/@antv/g6-core","description":"@antv/g6-core is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.10.24","0.9.24"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g6-editor","href":"/ti/packages/npm/@antv/g6-editor","description":"@antv/g6-editor is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.3.0","1.4.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g6-element","href":"/ti/packages/npm/@antv/g6-element","description":"@antv/g6-element is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.10.25","0.9.25"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g6-extension-3d","href":"/ti/packages/npm/@antv/g6-extension-3d","description":"@antv/g6-extension-3d is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.2.23","0.3.23"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g6-extension-react","href":"/ti/packages/npm/@antv/g6-extension-react","description":"@antv/g6-extension-react is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.3.7","0.4.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g6-mobile","href":"/ti/packages/npm/@antv/g6-mobile","description":"@antv/g6-mobile is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.2.2","0.3.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g6-pc","href":"/ti/packages/npm/@antv/g6-pc","description":"@antv/g6-pc is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.10.25","0.9.25"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g6-plugin","href":"/ti/packages/npm/@antv/g6-plugin","description":"@antv/g6-plugin is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.10.25","0.9.25"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g6-plugin-map-view","href":"/ti/packages/npm/@antv/g6-plugin-map-view","description":"@antv/g6-plugin-map-view is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.1.4","0.2.4"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g6-plugins","href":"/ti/packages/npm/@antv/g6-plugins","description":"@antv/g6-plugins is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.9","1.2.9"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g6-react-node","href":"/ti/packages/npm/@antv/g6-react-node","description":"@antv/g6-react-node is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.5.8","1.6.8"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g6-ssr","href":"/ti/packages/npm/@antv/g6-ssr","description":"@antv/g6-ssr is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.2.1","0.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g6-wx","href":"/ti/packages/npm/@antv/g6-wx","description":"@antv/g6-wx is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.1.1","0.2.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/gatsby-theme","href":"/ti/packages/npm/@antv/gatsby-theme","description":"@antv/gatsby-theme is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.2.0","0.3.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-base","href":"/ti/packages/npm/@antv/g-base","description":"@antv/g-base is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.6.16","0.7.16"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-camera-api","href":"/ti/packages/npm/@antv/g-camera-api","description":"@antv/g-camera-api is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.1.45","2.2.45"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-canvas","href":"/ti/packages/npm/@antv/g-canvas","description":"@antv/g-canvas is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.3.0","2.4.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-canvaskit","href":"/ti/packages/npm/@antv/g-canvaskit","description":"@antv/g-canvaskit is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.2.1","1.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-compat","href":"/ti/packages/npm/@antv/g-compat","description":"@antv/g-compat is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.11","1.2.11"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-components","href":"/ti/packages/npm/@antv/g-components","description":"@antv/g-components is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.1.42","2.2.42"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-css-layout-api","href":"/ti/packages/npm/@antv/g-css-layout-api","description":"@antv/g-css-layout-api is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.38","1.2.38"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-css-typed-om-api","href":"/ti/packages/npm/@antv/g-css-typed-om-api","description":"@antv/g-css-typed-om-api is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.38","1.2.38"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-device-api","href":"/ti/packages/npm/@antv/g-device-api","description":"@antv/g-device-api is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.7.13","1.8.13"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-dom-mutation-observer-api","href":"/ti/packages/npm/@antv/g-dom-mutation-observer-api","description":"@antv/g-dom-mutation-observer-api is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.1.42","2.2.42"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/geo-coord","href":"/ti/packages/npm/@antv/geo-coord","description":"@antv/geo-coord is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.8","1.2.8"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-gesture","href":"/ti/packages/npm/@antv/g-gesture","description":"@antv/g-gesture is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["3.1.42","3.2.42"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/gi-assets-advance","href":"/ti/packages/npm/@antv/gi-assets-advance","description":"@antv/gi-assets-advance is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.6.22","2.7.22"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/gi-assets-algorithm","href":"/ti/packages/npm/@antv/gi-assets-algorithm","description":"@antv/gi-assets-algorithm is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.4.19","2.5.19"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/gi-assets-basic","href":"/ti/packages/npm/@antv/gi-assets-basic","description":"@antv/gi-assets-basic is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.5.40","2.6.40"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/gi-assets-galaxybase","href":"/ti/packages/npm/@antv/gi-assets-galaxybase","description":"@antv/gi-assets-galaxybase is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.3.15","1.4.15"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/gi-assets-graphscope","href":"/ti/packages/npm/@antv/gi-assets-graphscope","description":"@antv/gi-assets-graphscope is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.15","2.3.15"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/gi-assets-hugegraph","href":"/ti/packages/npm/@antv/gi-assets-hugegraph","description":"@antv/gi-assets-hugegraph is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.2.15","1.3.15"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/gi-assets-janusgraph","href":"/ti/packages/npm/@antv/gi-assets-janusgraph","description":"@antv/gi-assets-janusgraph is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.2.15","1.3.15"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/gi-assets-neo4j","href":"/ti/packages/npm/@antv/gi-assets-neo4j","description":"@antv/gi-assets-neo4j is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.15","2.3.15"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/gi-assets-scene","href":"/ti/packages/npm/@antv/gi-assets-scene","description":"@antv/gi-assets-scene is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.3.21","2.4.21"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/gi-assets-tugraph","href":"/ti/packages/npm/@antv/gi-assets-tugraph","description":"@antv/gi-assets-tugraph is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.15","2.3.15"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/gi-assets-tugraph-analytics","href":"/ti/packages/npm/@antv/gi-assets-tugraph-analytics","description":"@antv/gi-assets-tugraph-analytics is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.3.15","0.4.15"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/gi-assets-xlab","href":"/ti/packages/npm/@antv/gi-assets-xlab","description":"@antv/gi-assets-xlab is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.2.30","0.3.30"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/gi-cli","href":"/ti/packages/npm/@antv/gi-cli","description":"@antv/gi-cli is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.3.11","1.4.11"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/gi-common-components","href":"/ti/packages/npm/@antv/gi-common-components","description":"@antv/gi-common-components is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.4.16","1.5.16"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-image-exporter","href":"/ti/packages/npm/@antv/g-image-exporter","description":"@antv/g-image-exporter is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.42","1.2.42"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/gi-mock-data","href":"/ti/packages/npm/@antv/gi-mock-data","description":"@antv/gi-mock-data is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.5","1.2.5"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/gi-public-data","href":"/ti/packages/npm/@antv/gi-public-data","description":"@antv/gi-public-data is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.1","1.2.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/gi-sdk","href":"/ti/packages/npm/@antv/gi-sdk","description":"@antv/gi-sdk is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["3.1.0","3.2.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/gi-sdk-app","href":"/ti/packages/npm/@antv/gi-sdk-app","description":"@antv/gi-sdk-app is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.3.10","1.4.10"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/gi-theme-antd","href":"/ti/packages/npm/@antv/gi-theme-antd","description":"@antv/gi-theme-antd is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.7.11","0.8.11"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/github-config-cli","href":"/ti/packages/npm/@antv/github-config-cli","description":"@antv/github-config-cli is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.2.0","0.3.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-layout-blocklike","href":"/ti/packages/npm/@antv/g-layout-blocklike","description":"@antv/g-layout-blocklike is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.8.49","1.9.49"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-lite","href":"/ti/packages/npm/@antv/g-lite","description":"@antv/g-lite is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.8.0","2.9.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/gl-matrix","href":"/ti/packages/npm/@antv/gl-matrix","description":"@antv/gl-matrix is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.8.1","2.9.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-lottie-player","href":"/ti/packages/npm/@antv/g-lottie-player","description":"@antv/g-lottie-player is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.2.1","1.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-math","href":"/ti/packages/npm/@antv/g-math","description":"@antv/g-math is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["3.2.0","3.3.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-mobile","href":"/ti/packages/npm/@antv/g-mobile","description":"@antv/g-mobile is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.2.5","1.3.5"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-mobile-canvas","href":"/ti/packages/npm/@antv/g-mobile-canvas","description":"@antv/g-mobile-canvas is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.2.1","1.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-mobile-canvas-element","href":"/ti/packages/npm/@antv/g-mobile-canvas-element","description":"@antv/g-mobile-canvas-element is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.42","1.2.42"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-mobile-svg","href":"/ti/packages/npm/@antv/g-mobile-svg","description":"@antv/g-mobile-svg is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.2.1","1.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-mobile-webgl","href":"/ti/packages/npm/@antv/g-mobile-webgl","description":"@antv/g-mobile-webgl is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.2.1","1.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-pattern","href":"/ti/packages/npm/@antv/g-pattern","description":"@antv/g-pattern is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.1.42","2.2.42"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-perf","href":"/ti/packages/npm/@antv/g-perf","description":"@antv/g-perf is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.0","1.2.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-3d","href":"/ti/packages/npm/@antv/g-plugin-3d","description":"@antv/g-plugin-3d is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.1","2.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-a11y","href":"/ti/packages/npm/@antv/g-plugin-a11y","description":"@antv/g-plugin-a11y is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.5.1","1.6.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-annotation","href":"/ti/packages/npm/@antv/g-plugin-annotation","description":"@antv/g-plugin-annotation is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.3.0","1.4.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-box2d","href":"/ti/packages/npm/@antv/g-plugin-box2d","description":"@antv/g-plugin-box2d is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.1","2.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-canvaskit-renderer","href":"/ti/packages/npm/@antv/g-plugin-canvaskit-renderer","description":"@antv/g-plugin-canvaskit-renderer is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.4.1","2.5.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-canvas-path-generator","href":"/ti/packages/npm/@antv/g-plugin-canvas-path-generator","description":"@antv/g-plugin-canvas-path-generator is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.26","2.3.26"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-canvas-picker","href":"/ti/packages/npm/@antv/g-plugin-canvas-picker","description":"@antv/g-plugin-canvas-picker is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.4.1","2.5.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-canvas-renderer","href":"/ti/packages/npm/@antv/g-plugin-canvas-renderer","description":"@antv/g-plugin-canvas-renderer is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.6.1","2.7.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-control","href":"/ti/packages/npm/@antv/g-plugin-control","description":"@antv/g-plugin-control is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.1","2.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-css-select","href":"/ti/packages/npm/@antv/g-plugin-css-select","description":"@antv/g-plugin-css-select is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.1","2.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-device-renderer","href":"/ti/packages/npm/@antv/g-plugin-device-renderer","description":"@antv/g-plugin-device-renderer is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.7.1","2.8.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-dom-interaction","href":"/ti/packages/npm/@antv/g-plugin-dom-interaction","description":"@antv/g-plugin-dom-interaction is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.31","2.3.31"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-dragndrop","href":"/ti/packages/npm/@antv/g-plugin-dragndrop","description":"@antv/g-plugin-dragndrop is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.1","2.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-gesture","href":"/ti/packages/npm/@antv/g-plugin-gesture","description":"@antv/g-plugin-gesture is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.1","2.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-gpgpu","href":"/ti/packages/npm/@antv/g-plugin-gpgpu","description":"@antv/g-plugin-gpgpu is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.10.20","1.11.20"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-html-renderer","href":"/ti/packages/npm/@antv/g-plugin-html-renderer","description":"@antv/g-plugin-html-renderer is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.4.1","2.5.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-image-loader","href":"/ti/packages/npm/@antv/g-plugin-image-loader","description":"@antv/g-plugin-image-loader is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.4.1","2.5.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-matterjs","href":"/ti/packages/npm/@antv/g-plugin-matterjs","description":"@antv/g-plugin-matterjs is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.1","2.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-mobile-interaction","href":"/ti/packages/npm/@antv/g-plugin-mobile-interaction","description":"@antv/g-plugin-mobile-interaction is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.42","1.2.42"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-physx","href":"/ti/packages/npm/@antv/g-plugin-physx","description":"@antv/g-plugin-physx is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.1","2.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-rough-canvas-renderer","href":"/ti/packages/npm/@antv/g-plugin-rough-canvas-renderer","description":"@antv/g-plugin-rough-canvas-renderer is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.1","2.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-rough-svg-renderer","href":"/ti/packages/npm/@antv/g-plugin-rough-svg-renderer","description":"@antv/g-plugin-rough-svg-renderer is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.1","2.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-svg-picker","href":"/ti/packages/npm/@antv/g-plugin-svg-picker","description":"@antv/g-plugin-svg-picker is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.1.46","2.2.46"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-svg-renderer","href":"/ti/packages/npm/@antv/g-plugin-svg-renderer","description":"@antv/g-plugin-svg-renderer is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.5.1","2.6.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-webgl-device","href":"/ti/packages/npm/@antv/g-plugin-webgl-device","description":"@antv/g-plugin-webgl-device is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.10.17","1.11.17"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-webgl-renderer","href":"/ti/packages/npm/@antv/g-plugin-webgl-renderer","description":"@antv/g-plugin-webgl-renderer is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.26","1.2.26"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-webgpu-device","href":"/ti/packages/npm/@antv/g-plugin-webgpu-device","description":"@antv/g-plugin-webgpu-device is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.10.17","1.11.17"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-yoga","href":"/ti/packages/npm/@antv/g-plugin-yoga","description":"@antv/g-plugin-yoga is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.4.1","2.5.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-zdog-canvas-renderer","href":"/ti/packages/npm/@antv/g-plugin-zdog-canvas-renderer","description":"@antv/g-plugin-zdog-canvas-renderer is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.1","2.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-plugin-zdog-svg-renderer","href":"/ti/packages/npm/@antv/g-plugin-zdog-svg-renderer","description":"@antv/g-plugin-zdog-svg-renderer is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.1","2.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/gpt-vis","href":"/ti/packages/npm/@antv/gpt-vis","description":"@antv/gpt-vis is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.0","1.2.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/gpt-vis-ssr","href":"/ti/packages/npm/@antv/gpt-vis-ssr","description":"@antv/gpt-vis-ssr is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.4.7","0.5.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/graphin","href":"/ti/packages/npm/@antv/graphin","description":"@antv/graphin is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["3.1.5","3.2.5"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/graphin-components","href":"/ti/packages/npm/@antv/graphin-components","description":"@antv/graphin-components is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.5.1","2.6.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/graphin-graphscope","href":"/ti/packages/npm/@antv/graphin-graphscope","description":"@antv/graphin-graphscope is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.5","1.2.5"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/graphin-icons","href":"/ti/packages/npm/@antv/graphin-icons","description":"@antv/graphin-icons is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.0","1.2.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/graphlib","href":"/ti/packages/npm/@antv/graphlib","description":"@antv/graphlib is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.1.4","2.2.4"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-shader-components","href":"/ti/packages/npm/@antv/g-shader-components","description":"@antv/g-shader-components is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.1.0","2.2.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-svg","href":"/ti/packages/npm/@antv/g-svg","description":"@antv/g-svg is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.1","2.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-web-animations-api","href":"/ti/packages/npm/@antv/g-web-animations-api","description":"@antv/g-web-animations-api is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.32","2.3.32"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-web-components","href":"/ti/packages/npm/@antv/g-web-components","description":"@antv/g-web-components is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.1","2.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-webgl","href":"/ti/packages/npm/@antv/g-webgl","description":"@antv/g-webgl is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.1","2.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-webgl-compute","href":"/ti/packages/npm/@antv/g-webgl-compute","description":"@antv/g-webgl-compute is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.1.1","0.2.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-webgpu","href":"/ti/packages/npm/@antv/g-webgpu","description":"@antv/g-webgpu is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.1","2.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-webgpu-compiler","href":"/ti/packages/npm/@antv/g-webgpu-compiler","description":"@antv/g-webgpu-compiler is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.8.2","0.9.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-webgpu-core","href":"/ti/packages/npm/@antv/g-webgpu-core","description":"@antv/g-webgpu-core is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.8.2","0.9.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-webgpu-engine","href":"/ti/packages/npm/@antv/g-webgpu-engine","description":"@antv/g-webgpu-engine is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.8.2","0.9.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-webgpu-raytracer","href":"/ti/packages/npm/@antv/g-webgpu-raytracer","description":"@antv/g-webgpu-raytracer is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.6.1","0.7.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/g-webgpu-unitchart","href":"/ti/packages/npm/@antv/g-webgpu-unitchart","description":"@antv/g-webgpu-unitchart is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.6.1","0.7.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/hierarchy","href":"/ti/packages/npm/@antv/hierarchy","description":"@antv/hierarchy is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.8.1","0.9.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/infographic","href":"/ti/packages/npm/@antv/infographic","description":"@antv/infographic is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.3.19","0.4.19"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/insight-component","href":"/ti/packages/npm/@antv/insight-component","description":"@antv/insight-component is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.0","1.2.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/interaction","href":"/ti/packages/npm/@antv/interaction","description":"@antv/interaction is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.2.5","0.3.5"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/istanbul","href":"/ti/packages/npm/@antv/istanbul","description":"@antv/istanbul is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.1.0","0.2.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/knowledge","href":"/ti/packages/npm/@antv/knowledge","description":"@antv/knowledge is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.2.4","1.3.4"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/l7","href":"/ti/packages/npm/@antv/l7","description":"@antv/l7 is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.26.10","2.27.10"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/l7-component","href":"/ti/packages/npm/@antv/l7-component","description":"@antv/l7-component is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.26.10","2.27.10"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/l7-composite-layers","href":"/ti/packages/npm/@antv/l7-composite-layers","description":"@antv/l7-composite-layers is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.18.1","0.19.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/l7-core","href":"/ti/packages/npm/@antv/l7-core","description":"@antv/l7-core is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.26.10","2.27.10"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/l7-district","href":"/ti/packages/npm/@antv/l7-district","description":"@antv/l7-district is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.4.12","2.5.12"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/l7-draw","href":"/ti/packages/npm/@antv/l7-draw","description":"@antv/l7-draw is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["3.2.5","3.3.5"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/l7-editor","href":"/ti/packages/npm/@antv/l7-editor","description":"@antv/l7-editor is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.2.13","1.3.13"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/l7-extension-g-layer","href":"/ti/packages/npm/@antv/l7-extension-g-layer","description":"@antv/l7-extension-g-layer is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.0","1.2.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/l7-layers","href":"/ti/packages/npm/@antv/l7-layers","description":"@antv/l7-layers is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.26.10","2.27.10"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/l7-leaflet","href":"/ti/packages/npm/@antv/l7-leaflet","description":"@antv/l7-leaflet is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.2","1.2.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/l7-map","href":"/ti/packages/npm/@antv/l7-map","description":"@antv/l7-map is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.26.10","2.27.10"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/l7-mapkit","href":"/ti/packages/npm/@antv/l7-mapkit","description":"@antv/l7-mapkit is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.6.0","0.7.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/l7-maps","href":"/ti/packages/npm/@antv/l7-maps","description":"@antv/l7-maps is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.26.10","2.27.10"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/l7-mini","href":"/ti/packages/npm/@antv/l7-mini","description":"@antv/l7-mini is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.21.8","2.22.8"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/l7-pass","href":"/ti/packages/npm/@antv/l7-pass","description":"@antv/l7-pass is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.0","1.2.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/l7plot","href":"/ti/packages/npm/@antv/l7plot","description":"@antv/l7plot is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.6.11","0.7.11"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/l7plot-component","href":"/ti/packages/npm/@antv/l7plot-component","description":"@antv/l7plot-component is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.1.11","0.2.11"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/l7-react","href":"/ti/packages/npm/@antv/l7-react","description":"@antv/l7-react is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.5.3","2.6.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/l7-renderer","href":"/ti/packages/npm/@antv/l7-renderer","description":"@antv/l7-renderer is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.26.10","2.27.10"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/l7-scene","href":"/ti/packages/npm/@antv/l7-scene","description":"@antv/l7-scene is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.26.10","2.27.10"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/l7-source","href":"/ti/packages/npm/@antv/l7-source","description":"@antv/l7-source is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.26.10","2.27.10"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/l7-three","href":"/ti/packages/npm/@antv/l7-three","description":"@antv/l7-three is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.26.10","2.27.10"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/l7-utils","href":"/ti/packages/npm/@antv/l7-utils","description":"@antv/l7-utils is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.26.10","2.27.10"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/larkmap","href":"/ti/packages/npm/@antv/larkmap","description":"@antv/larkmap is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.6.1","1.7.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/layout-gpu","href":"/ti/packages/npm/@antv/layout-gpu","description":"@antv/layout-gpu is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.2.7","1.3.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/layout-wasm","href":"/ti/packages/npm/@antv/layout-wasm","description":"@antv/layout-wasm is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.5.2","1.6.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/li-aiearth-assets","href":"/ti/packages/npm/@antv/li-aiearth-assets","description":"@antv/li-aiearth-assets is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.5.7","0.6.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/li-analysis-assets","href":"/ti/packages/npm/@antv/li-analysis-assets","description":"@antv/li-analysis-assets is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.10.1","1.11.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/li-core-assets","href":"/ti/packages/npm/@antv/li-core-assets","description":"@antv/li-core-assets is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.4.7","1.5.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/li-editor","href":"/ti/packages/npm/@antv/li-editor","description":"@antv/li-editor is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.7.1","1.8.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/li-p2","href":"/ti/packages/npm/@antv/li-p2","description":"@antv/li-p2 is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.10.2","1.9.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/li-sam-assets","href":"/ti/packages/npm/@antv/li-sam-assets","description":"@antv/li-sam-assets is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.2.4","0.3.4"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/li-sdk","href":"/ti/packages/npm/@antv/li-sdk","description":"@antv/li-sdk is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.6.1","1.7.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/lite-insight","href":"/ti/packages/npm/@antv/lite-insight","description":"@antv/lite-insight is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.1","2.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/matrix-util","href":"/ti/packages/npm/@antv/matrix-util","description":"@antv/matrix-util is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["3.1.4","3.2.4"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/mcp-server-antv","href":"/ti/packages/npm/@antv/mcp-server-antv","description":"@antv/mcp-server-antv is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.2.8","0.3.8"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/mcp-server-chart","href":"/ti/packages/npm/@antv/mcp-server-chart","description":"@antv/mcp-server-chart is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.10.10","0.11.10"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/my-f2","href":"/ti/packages/npm/@antv/my-f2","description":"@antv/my-f2 is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.7","2.3.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/my-f2-pc","href":"/ti/packages/npm/@antv/my-f2-pc","description":"@antv/my-f2-pc is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.2.1","0.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/narrative-text-editor","href":"/ti/packages/npm/@antv/narrative-text-editor","description":"@antv/narrative-text-editor is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.3.20","0.4.20"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/narrative-text-schema","href":"/ti/packages/npm/@antv/narrative-text-schema","description":"@antv/narrative-text-schema is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.4.7","0.5.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/narrative-text-vis","href":"/ti/packages/npm/@antv/narrative-text-vis","description":"@antv/narrative-text-vis is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.4.16","0.5.16"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/path-util","href":"/ti/packages/npm/@antv/path-util","description":"@antv/path-util is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["3.1.1","3.2.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/react-g","href":"/ti/packages/npm/@antv/react-g","description":"@antv/react-g is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.1","2.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/s2","href":"/ti/packages/npm/@antv/s2","description":"@antv/s2 is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.8.1","2.9.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/s2-react","href":"/ti/packages/npm/@antv/s2-react","description":"@antv/s2-react is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.4.1","2.5.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/s2-react-components","href":"/ti/packages/npm/@antv/s2-react-components","description":"@antv/s2-react-components is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.2","2.3.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/s2-ssr","href":"/ti/packages/npm/@antv/s2-ssr","description":"@antv/s2-ssr is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.2.1","0.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/s2-vue","href":"/ti/packages/npm/@antv/s2-vue","description":"@antv/s2-vue is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.3.0","2.4.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/sam","href":"/ti/packages/npm/@antv/sam","description":"@antv/sam is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.3.0","0.4.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/scale","href":"/ti/packages/npm/@antv/scale","description":"@antv/scale is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.6.2","0.7.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/semantic-release-pnpm","href":"/ti/packages/npm/@antv/semantic-release-pnpm","description":"@antv/semantic-release-pnpm is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.4","1.2.4"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/smart-color","href":"/ti/packages/npm/@antv/smart-color","description":"@antv/smart-color is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.3.1","0.4.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/stat","href":"/ti/packages/npm/@antv/stat","description":"@antv/stat is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.1.2","0.2.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/t8","href":"/ti/packages/npm/@antv/t8","description":"@antv/t8 is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.4.0","0.5.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/thumbnails","href":"/ti/packages/npm/@antv/thumbnails","description":"@antv/thumbnails is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.1.0","2.2.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/thumbnails-component","href":"/ti/packages/npm/@antv/thumbnails-component","description":"@antv/thumbnails-component is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.1.0","2.2.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/torch","href":"/ti/packages/npm/@antv/torch","description":"@antv/torch is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.6","1.2.6"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/translator","href":"/ti/packages/npm/@antv/translator","description":"@antv/translator is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.1","1.2.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/util","href":"/ti/packages/npm/@antv/util","description":"@antv/util is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["3.4.11","3.5.11"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/vendor","href":"/ti/packages/npm/@antv/vendor","description":"@antv/vendor is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.11","1.2.11"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/vis-predict-engine","href":"/ti/packages/npm/@antv/vis-predict-engine","description":"@antv/vis-predict-engine is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.2.1","0.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/webgpu-graph","href":"/ti/packages/npm/@antv/webgpu-graph","description":"@antv/webgpu-graph is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.0","1.2.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/word-scale-chart","href":"/ti/packages/npm/@antv/word-scale-chart","description":"@antv/word-scale-chart is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.4.4","0.5.4"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/wx-f2","href":"/ti/packages/npm/@antv/wx-f2","description":"@antv/wx-f2 is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.1","2.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/x6","href":"/ti/packages/npm/@antv/x6","description":"@antv/x6 is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["3.2.7","3.3.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/x6-angular-shape","href":"/ti/packages/npm/@antv/x6-angular-shape","description":"@antv/x6-angular-shape is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["3.1.1","3.2.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/x6-common","href":"/ti/packages/npm/@antv/x6-common","description":"@antv/x6-common is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.1.17","2.2.17"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/x6-components","href":"/ti/packages/npm/@antv/x6-components","description":"@antv/x6-components is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.11.7","0.12.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/x6-geometry","href":"/ti/packages/npm/@antv/x6-geometry","description":"@antv/x6-geometry is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.1.5","2.2.5"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/x6-plugin-clipboard","href":"/ti/packages/npm/@antv/x6-plugin-clipboard","description":"@antv/x6-plugin-clipboard is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.6","2.3.6"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/x6-plugin-dnd","href":"/ti/packages/npm/@antv/x6-plugin-dnd","description":"@antv/x6-plugin-dnd is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.1","2.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/x6-plugin-export","href":"/ti/packages/npm/@antv/x6-plugin-export","description":"@antv/x6-plugin-export is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.6","2.3.6"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/x6-plugin-history","href":"/ti/packages/npm/@antv/x6-plugin-history","description":"@antv/x6-plugin-history is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.3.4","2.4.4"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/x6-plugin-keyboard","href":"/ti/packages/npm/@antv/x6-plugin-keyboard","description":"@antv/x6-plugin-keyboard is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.3.3","2.4.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/x6-plugin-minimap","href":"/ti/packages/npm/@antv/x6-plugin-minimap","description":"@antv/x6-plugin-minimap is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.1.7","2.2.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/x6-plugin-scroller","href":"/ti/packages/npm/@antv/x6-plugin-scroller","description":"@antv/x6-plugin-scroller is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.1.10","2.2.10"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/x6-plugin-selection","href":"/ti/packages/npm/@antv/x6-plugin-selection","description":"@antv/x6-plugin-selection is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.3.2","2.4.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/x6-plugin-snapline","href":"/ti/packages/npm/@antv/x6-plugin-snapline","description":"@antv/x6-plugin-snapline is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.7","2.3.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/x6-plugin-stencil","href":"/ti/packages/npm/@antv/x6-plugin-stencil","description":"@antv/x6-plugin-stencil is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.5","2.3.5"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/x6-plugin-transform","href":"/ti/packages/npm/@antv/x6-plugin-transform","description":"@antv/x6-plugin-transform is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.8","2.3.8"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/x6-react","href":"/ti/packages/npm/@antv/x6-react","description":"@antv/x6-react is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["0.2.26","0.3.26"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/x6-react-components","href":"/ti/packages/npm/@antv/x6-react-components","description":"@antv/x6-react-components is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.1.9","2.2.9"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/x6-react-shape","href":"/ti/packages/npm/@antv/x6-react-shape","description":"@antv/x6-react-shape is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["3.1.1","3.2.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/x6-vector","href":"/ti/packages/npm/@antv/x6-vector","description":"@antv/x6-vector is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.5.2","1.6.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/x6-vue3-shape","href":"/ti/packages/npm/@antv/x6-vue3-shape","description":"@antv/x6-vue3-shape is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.0","1.2.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/x6-vue-shape","href":"/ti/packages/npm/@antv/x6-vue-shape","description":"@antv/x6-vue-shape is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["3.1.2","3.2.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/xflow","href":"/ti/packages/npm/@antv/xflow","description":"@antv/xflow is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["2.2.13","2.3.13"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/xflow-core","href":"/ti/packages/npm/@antv/xflow-core","description":"@antv/xflow-core is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.55","1.2.55"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/xflow-diff","href":"/ti/packages/npm/@antv/xflow-diff","description":"@antv/xflow-diff is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.0","1.2.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/xflow-extension","href":"/ti/packages/npm/@antv/xflow-extension","description":"@antv/xflow-extension is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.55","1.2.55"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@antv/xflow-hook","href":"/ti/packages/npm/@antv/xflow-hook","description":"@antv/xflow-hook is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["credential_stealer"],"versions":["1.1.55","1.2.55"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"ast-plugin","href":"/ti/packages/npm/ast-plugin","description":"ast-plugin is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["0.1.7","0.2.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"babel-plugin-version","href":"/ti/packages/npm/babel-plugin-version","description":"babel-plugin-version is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["0.3.3","0.4.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"boring-avatars-vanilla","href":"/ti/packages/npm/boring-avatars-vanilla","description":"boring-avatars-vanilla is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["1.1.2","1.2.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"byte-parser","href":"/ti/packages/npm/byte-parser","description":"byte-parser is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["1.1.0","1.2.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"canvas-nest.js","href":"/ti/packages/npm/canvas-nest.js","description":"canvas-nest.js is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["2.1.4","2.2.4"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"echarts-for-react","href":"/ti/packages/npm/echarts-for-react","description":"echarts-for-react is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["3.0.7","3.1.7","3.2.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"filesize.js","href":"/ti/packages/npm/filesize.js","description":"filesize.js is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["2.1.0","2.2.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"fixed-round","href":"/ti/packages/npm/fixed-round","description":"fixed-round is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["1.1.2","1.2.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"gantt-for-react","href":"/ti/packages/npm/gantt-for-react","description":"gantt-for-react is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["0.3.0","0.4.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"jest-canvas-mock","href":"/ti/packages/npm/jest-canvas-mock","description":"jest-canvas-mock is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["2.5.3","2.6.3","2.7.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"jest-date-mock","href":"/ti/packages/npm/jest-date-mock","description":"jest-date-mock is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["1.0.11","1.1.11","1.2.11"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"jest-electron","href":"/ti/packages/npm/jest-electron","description":"jest-electron is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["0.2.12","0.3.12"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"jest-expect","href":"/ti/packages/npm/jest-expect","description":"jest-expect is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["0.1.1","0.2.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"jest-less-loader","href":"/ti/packages/npm/jest-less-loader","description":"jest-less-loader is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["0.3.0","0.4.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"jest-random-mock","href":"/ti/packages/npm/jest-random-mock","description":"jest-random-mock is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["1.1.0","1.2.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"jest-url-loader","href":"/ti/packages/npm/jest-url-loader","description":"jest-url-loader is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["0.2.0","0.3.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"limit-size","href":"/ti/packages/npm/limit-size","description":"limit-size is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["0.2.4","0.3.4"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"lint-md","href":"/ti/packages/npm/lint-md","description":"lint-md is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["0.3.0","0.4.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"lint-md-cli","href":"/ti/packages/npm/lint-md-cli","description":"lint-md-cli is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["0.2.2","0.3.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@lint-md/cli","href":"/ti/packages/npm/@lint-md/cli","description":"@lint-md/cli is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["2.1.0","2.2.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@lint-md/core","href":"/ti/packages/npm/@lint-md/core","description":"@lint-md/core is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["2.1.0","2.2.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"@lint-md/parser","href":"/ti/packages/npm/@lint-md/parser","description":"@lint-md/parser is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["0.1.14","0.2.14"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"mcp-echarts","href":"/ti/packages/npm/mcp-echarts","description":"mcp-echarts is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["0.8.1","0.9.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"mcp-mermaid","href":"/ti/packages/npm/mcp-mermaid","description":"mcp-mermaid is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["0.5.1","0.6.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"miz","href":"/ti/packages/npm/miz","description":"miz is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["1.1.1","1.2.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"onfire.js","href":"/ti/packages/npm/onfire.js","description":"onfire.js is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["2.1.1","2.2.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"react-adsense","href":"/ti/packages/npm/react-adsense","description":"react-adsense is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["0.2.0","0.3.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"relationship.js","href":"/ti/packages/npm/relationship.js","description":"relationship.js is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["1.3.9","1.4.9"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"ribbon.js","href":"/ti/packages/npm/ribbon.js","description":"ribbon.js is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["1.1.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"size-sensor","href":"/ti/packages/npm/size-sensor","description":"size-sensor is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["1.0.4","1.1.4","1.2.4"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"slice.js","href":"/ti/packages/npm/slice.js","description":"slice.js is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["1.2.1","1.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"timeago.js","href":"/ti/packages/npm/timeago.js","description":"timeago.js is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["4.1.2","4.2.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"timeago-react","href":"/ti/packages/npm/timeago-react","description":"timeago-react is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["3.1.7","3.2.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"uri-parse","href":"/ti/packages/npm/uri-parse","description":"uri-parse is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["1.1.0","1.2.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"word-width","href":"/ti/packages/npm/word-width","description":"word-width is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["1.1.1","1.2.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"xmorse","href":"/ti/packages/npm/xmorse","description":"xmorse is identified in the SafeDep analysis \"Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised\". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.","threat_types":["other"],"versions":["1.1.0","1.2.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-19"},{"ecosystem":"npm","name":"node-ipc","href":"/ti/packages/npm/node-ipc","description":"node-ipc is identified in the SafeDep analysis \"Compromised node-ipc on npm: Credential Stealer via DNS Exfiltration\". >-","threat_types":["credential_stealer","data_exfiltration","rat","persistence"],"versions":["9.1.6","9.2.3","12.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-14"},{"ecosystem":"npm","name":"iceberg-javascript","href":"/ti/packages/npm/iceberg-javascript","description":"iceberg-javascript is identified in the SafeDep analysis \"Malicious npm Packages Backdoor Claude Code Sessions\". >-","threat_types":["rat","persistence"],"versions":["0.8.2"],"campaigns":["Claude Code Hook Backdoors"],"discovered_at":"2026-05-13"},{"ecosystem":"npm","name":"supabase-javascript","href":"/ti/packages/npm/supabase-javascript","description":"supabase-javascript is identified in the SafeDep analysis \"Malicious npm Packages Backdoor Claude Code Sessions\". >-","threat_types":["rat","persistence"],"versions":["2.98.3"],"campaigns":["Claude Code Hook Backdoors"],"discovered_at":"2026-05-13"},{"ecosystem":"npm","name":"auth-javascript","href":"/ti/packages/npm/auth-javascript","description":"auth-javascript is identified in the SafeDep analysis \"Malicious npm Packages Backdoor Claude Code Sessions\". >-","threat_types":["rat","persistence"],"versions":["0.0.17"],"campaigns":["Claude Code Hook Backdoors"],"discovered_at":"2026-05-13"},{"ecosystem":"npm","name":"microsoft-applicationinsights-common","href":"/ti/packages/npm/microsoft-applicationinsights-common","description":"microsoft-applicationinsights-common is identified in the SafeDep analysis \"Malicious npm Packages Backdoor Claude Code Sessions\". >-","threat_types":["rat","persistence"],"versions":["3.4.2"],"campaigns":["Claude Code Hook Backdoors"],"discovered_at":"2026-05-13"},{"ecosystem":"npm","name":"ms-graph-types","href":"/ti/packages/npm/ms-graph-types","description":"ms-graph-types is identified in the SafeDep analysis \"Malicious npm Packages Backdoor Claude Code Sessions\". >-","threat_types":["rat","persistence"],"versions":["2.43.2"],"campaigns":["Claude Code Hook Backdoors"],"discovered_at":"2026-05-13"},{"ecosystem":"npm","name":"@beproduct/nestjs-auth","href":"/ti/packages/npm/@beproduct/nestjs-auth","description":"@beproduct/nestjs-auth is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.1.2","0.1.3","0.1.4","0.1.5","0.1.6","0.1.7","0.1.8","0.1.9","0.1.10","0.1.11","0.1.12","0.1.13","0.1.14","0.1.15","0.1.16","0.1.17","0.1.18","0.1.19"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@dirigible-ai/sdk","href":"/ti/packages/npm/@dirigible-ai/sdk","description":"@dirigible-ai/sdk is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.6.2","0.6.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@draftauth/client","href":"/ti/packages/npm/@draftauth/client","description":"@draftauth/client is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.2.1","0.2.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@draftauth/core","href":"/ti/packages/npm/@draftauth/core","description":"@draftauth/core is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.13.1","0.13.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@draftlab/auth","href":"/ti/packages/npm/@draftlab/auth","description":"@draftlab/auth is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.24.1","0.24.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@draftlab/auth-router","href":"/ti/packages/npm/@draftlab/auth-router","description":"@draftlab/auth-router is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.5.1","0.5.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@draftlab/db","href":"/ti/packages/npm/@draftlab/db","description":"@draftlab/db is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.16.1","0.16.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@mesadev/rest","href":"/ti/packages/npm/@mesadev/rest","description":"@mesadev/rest is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.28.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@mesadev/saguaro","href":"/ti/packages/npm/@mesadev/saguaro","description":"@mesadev/saguaro is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.4.22"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@mesadev/sdk","href":"/ti/packages/npm/@mesadev/sdk","description":"@mesadev/sdk is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.28.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@mistralai/mistralai","href":"/ti/packages/npm/@mistralai/mistralai","description":"@mistralai/mistralai is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["2.2.2","2.2.3","2.2.4"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@mistralai/mistralai-azure","href":"/ti/packages/npm/@mistralai/mistralai-azure","description":"@mistralai/mistralai-azure is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.7.1","1.7.2","1.7.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@mistralai/mistralai-gcp","href":"/ti/packages/npm/@mistralai/mistralai-gcp","description":"@mistralai/mistralai-gcp is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.7.1","1.7.2","1.7.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@ml-toolkit-ts/preprocessing","href":"/ti/packages/npm/@ml-toolkit-ts/preprocessing","description":"@ml-toolkit-ts/preprocessing is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.2","1.0.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@ml-toolkit-ts/xgboost","href":"/ti/packages/npm/@ml-toolkit-ts/xgboost","description":"@ml-toolkit-ts/xgboost is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.3","1.0.4"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@opensearch-project/opensearch","href":"/ti/packages/npm/@opensearch-project/opensearch","description":"@opensearch-project/opensearch is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["3.5.3","3.6.2","3.7.0","3.8.0"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@squawk/airport-data","href":"/ti/packages/npm/@squawk/airport-data","description":"@squawk/airport-data is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.7.4","0.7.5","0.7.6","0.7.7","0.7.8"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@squawk/airports","href":"/ti/packages/npm/@squawk/airports","description":"@squawk/airports is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.6.2","0.6.3","0.6.4","0.6.5","0.6.6"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@squawk/airspace","href":"/ti/packages/npm/@squawk/airspace","description":"@squawk/airspace is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.8.1","0.8.2","0.8.3","0.8.4","0.8.5"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@squawk/airspace-data","href":"/ti/packages/npm/@squawk/airspace-data","description":"@squawk/airspace-data is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.5.3","0.5.4","0.5.5","0.5.6","0.5.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@squawk/airway-data","href":"/ti/packages/npm/@squawk/airway-data","description":"@squawk/airway-data is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.5.4","0.5.5","0.5.6","0.5.7","0.5.8"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@squawk/airways","href":"/ti/packages/npm/@squawk/airways","description":"@squawk/airways is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.4.2","0.4.3","0.4.4","0.4.5","0.4.6"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@squawk/fix-data","href":"/ti/packages/npm/@squawk/fix-data","description":"@squawk/fix-data is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.6.4","0.6.5","0.6.6","0.6.7","0.6.8"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@squawk/fixes","href":"/ti/packages/npm/@squawk/fixes","description":"@squawk/fixes is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.3.2","0.3.3","0.3.4","0.3.5","0.3.6"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@squawk/flight-math","href":"/ti/packages/npm/@squawk/flight-math","description":"@squawk/flight-math is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.5.4","0.5.5","0.5.6","0.5.7","0.5.8"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@squawk/flightplan","href":"/ti/packages/npm/@squawk/flightplan","description":"@squawk/flightplan is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.5.2","0.5.3","0.5.4","0.5.5","0.5.6"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@squawk/geo","href":"/ti/packages/npm/@squawk/geo","description":"@squawk/geo is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.4.4","0.4.5","0.4.6","0.4.7","0.4.8"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@squawk/icao-registry","href":"/ti/packages/npm/@squawk/icao-registry","description":"@squawk/icao-registry is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.5.2","0.5.3","0.5.4","0.5.5","0.5.6"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@squawk/icao-registry-data","href":"/ti/packages/npm/@squawk/icao-registry-data","description":"@squawk/icao-registry-data is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.8.4","0.8.5","0.8.6","0.8.7","0.8.8"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@squawk/mcp","href":"/ti/packages/npm/@squawk/mcp","description":"@squawk/mcp is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.9.1","0.9.2","0.9.3","0.9.4","0.9.5"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@squawk/navaid-data","href":"/ti/packages/npm/@squawk/navaid-data","description":"@squawk/navaid-data is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.6.4","0.6.5","0.6.6","0.6.7","0.6.8"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@squawk/navaids","href":"/ti/packages/npm/@squawk/navaids","description":"@squawk/navaids is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.4.2","0.4.3","0.4.4","0.4.5","0.4.6"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@squawk/notams","href":"/ti/packages/npm/@squawk/notams","description":"@squawk/notams is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.3.6","0.3.7","0.3.8","0.3.9","0.3.10"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@squawk/procedure-data","href":"/ti/packages/npm/@squawk/procedure-data","description":"@squawk/procedure-data is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.7.3","0.7.4","0.7.5","0.7.6","0.7.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@squawk/procedures","href":"/ti/packages/npm/@squawk/procedures","description":"@squawk/procedures is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.5.2","0.5.3","0.5.4","0.5.5","0.5.6"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@squawk/types","href":"/ti/packages/npm/@squawk/types","description":"@squawk/types is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.8.1","0.8.2","0.8.3","0.8.4","0.8.5"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@squawk/units","href":"/ti/packages/npm/@squawk/units","description":"@squawk/units is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.4.3","0.4.4","0.4.5","0.4.6","0.4.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@squawk/weather","href":"/ti/packages/npm/@squawk/weather","description":"@squawk/weather is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.5.6","0.5.7","0.5.8","0.5.9","0.5.10"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@supersurkhet/cli","href":"/ti/packages/npm/@supersurkhet/cli","description":"@supersurkhet/cli is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.0.2","0.0.3","0.0.4","0.0.5","0.0.6","0.0.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@supersurkhet/sdk","href":"/ti/packages/npm/@supersurkhet/sdk","description":"@supersurkhet/sdk is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.0.2","0.0.3","0.0.4","0.0.5","0.0.6","0.0.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tallyui/components","href":"/ti/packages/npm/@tallyui/components","description":"@tallyui/components is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1","1.0.2","1.0.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tallyui/connector-medusa","href":"/ti/packages/npm/@tallyui/connector-medusa","description":"@tallyui/connector-medusa is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1","1.0.2","1.0.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tallyui/connector-shopify","href":"/ti/packages/npm/@tallyui/connector-shopify","description":"@tallyui/connector-shopify is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1","1.0.2","1.0.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tallyui/connector-vendure","href":"/ti/packages/npm/@tallyui/connector-vendure","description":"@tallyui/connector-vendure is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1","1.0.2","1.0.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tallyui/connector-woocommerce","href":"/ti/packages/npm/@tallyui/connector-woocommerce","description":"@tallyui/connector-woocommerce is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1","1.0.2","1.0.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tallyui/core","href":"/ti/packages/npm/@tallyui/core","description":"@tallyui/core is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.2.1","0.2.2","0.2.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tallyui/database","href":"/ti/packages/npm/@tallyui/database","description":"@tallyui/database is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1","1.0.2","1.0.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tallyui/pos","href":"/ti/packages/npm/@tallyui/pos","description":"@tallyui/pos is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.1.1","0.1.2","0.1.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tallyui/storage-sqlite","href":"/ti/packages/npm/@tallyui/storage-sqlite","description":"@tallyui/storage-sqlite is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.2.1","0.2.2","0.2.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tallyui/theme","href":"/ti/packages/npm/@tallyui/theme","description":"@tallyui/theme is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.2.1","0.2.2","0.2.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/arktype-adapter","href":"/ti/packages/npm/@tanstack/arktype-adapter","description":"@tanstack/arktype-adapter is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.166.12","1.166.15"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/eslint-plugin-router","href":"/ti/packages/npm/@tanstack/eslint-plugin-router","description":"@tanstack/eslint-plugin-router is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.161.9","1.161.12"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/eslint-plugin-start","href":"/ti/packages/npm/@tanstack/eslint-plugin-start","description":"@tanstack/eslint-plugin-start is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["0.0.4","0.0.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/history","href":"/ti/packages/npm/@tanstack/history","description":"@tanstack/history is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.161.9","1.161.12"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/nitro-v2-vite-plugin","href":"/ti/packages/npm/@tanstack/nitro-v2-vite-plugin","description":"@tanstack/nitro-v2-vite-plugin is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.154.12","1.154.15"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/react-router","href":"/ti/packages/npm/@tanstack/react-router","description":"@tanstack/react-router is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.169.5","1.169.8"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/react-router-devtools","href":"/ti/packages/npm/@tanstack/react-router-devtools","description":"@tanstack/react-router-devtools is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.166.16","1.166.19"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/react-router-ssr-query","href":"/ti/packages/npm/@tanstack/react-router-ssr-query","description":"@tanstack/react-router-ssr-query is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.166.15","1.166.18"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/react-start","href":"/ti/packages/npm/@tanstack/react-start","description":"@tanstack/react-start is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.167.68","1.167.71"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/react-start-client","href":"/ti/packages/npm/@tanstack/react-start-client","description":"@tanstack/react-start-client is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.166.51","1.166.54"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/react-start-rsc","href":"/ti/packages/npm/@tanstack/react-start-rsc","description":"@tanstack/react-start-rsc is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["0.0.47","0.0.50"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/react-start-server","href":"/ti/packages/npm/@tanstack/react-start-server","description":"@tanstack/react-start-server is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.166.55","1.166.58"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/router-cli","href":"/ti/packages/npm/@tanstack/router-cli","description":"@tanstack/router-cli is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.166.46","1.166.49"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/router-core","href":"/ti/packages/npm/@tanstack/router-core","description":"@tanstack/router-core is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.169.5","1.169.8"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/router-devtools","href":"/ti/packages/npm/@tanstack/router-devtools","description":"@tanstack/router-devtools is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.166.16","1.166.19"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/router-devtools-core","href":"/ti/packages/npm/@tanstack/router-devtools-core","description":"@tanstack/router-devtools-core is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.167.6","1.167.9"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/router-generator","href":"/ti/packages/npm/@tanstack/router-generator","description":"@tanstack/router-generator is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.166.45","1.166.48"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/router-plugin","href":"/ti/packages/npm/@tanstack/router-plugin","description":"@tanstack/router-plugin is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.167.38","1.167.41"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/router-ssr-query-core","href":"/ti/packages/npm/@tanstack/router-ssr-query-core","description":"@tanstack/router-ssr-query-core is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.168.3","1.168.6"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/router-utils","href":"/ti/packages/npm/@tanstack/router-utils","description":"@tanstack/router-utils is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.161.11","1.161.14"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/router-vite-plugin","href":"/ti/packages/npm/@tanstack/router-vite-plugin","description":"@tanstack/router-vite-plugin is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.166.53","1.166.56"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/solid-router","href":"/ti/packages/npm/@tanstack/solid-router","description":"@tanstack/solid-router is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.169.5","1.169.8"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/solid-router-devtools","href":"/ti/packages/npm/@tanstack/solid-router-devtools","description":"@tanstack/solid-router-devtools is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.166.16","1.166.19"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/solid-router-ssr-query","href":"/ti/packages/npm/@tanstack/solid-router-ssr-query","description":"@tanstack/solid-router-ssr-query is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.166.15","1.166.18"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/solid-start","href":"/ti/packages/npm/@tanstack/solid-start","description":"@tanstack/solid-start is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.167.65","1.167.68"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/solid-start-client","href":"/ti/packages/npm/@tanstack/solid-start-client","description":"@tanstack/solid-start-client is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.166.50","1.166.53"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/solid-start-server","href":"/ti/packages/npm/@tanstack/solid-start-server","description":"@tanstack/solid-start-server is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.166.54","1.166.57"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/start-client-core","href":"/ti/packages/npm/@tanstack/start-client-core","description":"@tanstack/start-client-core is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.168.5","1.168.8"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/start-fn-stubs","href":"/ti/packages/npm/@tanstack/start-fn-stubs","description":"@tanstack/start-fn-stubs is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.161.9","1.161.12"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/start-plugin-core","href":"/ti/packages/npm/@tanstack/start-plugin-core","description":"@tanstack/start-plugin-core is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.169.23","1.169.26"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/start-server-core","href":"/ti/packages/npm/@tanstack/start-server-core","description":"@tanstack/start-server-core is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.167.33","1.167.36"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/start-static-server-functions","href":"/ti/packages/npm/@tanstack/start-static-server-functions","description":"@tanstack/start-static-server-functions is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.166.44","1.166.47"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/start-storage-context","href":"/ti/packages/npm/@tanstack/start-storage-context","description":"@tanstack/start-storage-context is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.166.38","1.166.41"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/valibot-adapter","href":"/ti/packages/npm/@tanstack/valibot-adapter","description":"@tanstack/valibot-adapter is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.166.12","1.166.15"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/virtual-file-routes","href":"/ti/packages/npm/@tanstack/virtual-file-routes","description":"@tanstack/virtual-file-routes is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.161.10","1.161.13"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/vue-router","href":"/ti/packages/npm/@tanstack/vue-router","description":"@tanstack/vue-router is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.169.5","1.169.8"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/vue-router-devtools","href":"/ti/packages/npm/@tanstack/vue-router-devtools","description":"@tanstack/vue-router-devtools is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.166.16","1.166.19"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/vue-router-ssr-query","href":"/ti/packages/npm/@tanstack/vue-router-ssr-query","description":"@tanstack/vue-router-ssr-query is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.166.15","1.166.18"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/vue-start","href":"/ti/packages/npm/@tanstack/vue-start","description":"@tanstack/vue-start is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.167.61","1.167.64"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/vue-start-client","href":"/ti/packages/npm/@tanstack/vue-start-client","description":"@tanstack/vue-start-client is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.166.46","1.166.49"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/vue-start-server","href":"/ti/packages/npm/@tanstack/vue-start-server","description":"@tanstack/vue-start-server is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.166.50","1.166.53"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tanstack/zod-adapter","href":"/ti/packages/npm/@tanstack/zod-adapter","description":"@tanstack/zod-adapter is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["credential_stealer"],"versions":["1.166.12","1.166.15"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@taskflow-corp/cli","href":"/ti/packages/npm/@taskflow-corp/cli","description":"@taskflow-corp/cli is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.1.24","0.1.25","0.1.26","0.1.27","0.1.28","0.1.29"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@tolka/cli","href":"/ti/packages/npm/@tolka/cli","description":"@tolka/cli is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.2","1.0.3","1.0.4","1.0.5","1.0.6"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/access-policy-sdk","href":"/ti/packages/npm/@uipath/access-policy-sdk","description":"@uipath/access-policy-sdk is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/access-policy-tool","href":"/ti/packages/npm/@uipath/access-policy-tool","description":"@uipath/access-policy-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/admin-tool","href":"/ti/packages/npm/@uipath/admin-tool","description":"@uipath/admin-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.1.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/agent-sdk","href":"/ti/packages/npm/@uipath/agent-sdk","description":"@uipath/agent-sdk is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/agent-tool","href":"/ti/packages/npm/@uipath/agent-tool","description":"@uipath/agent-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/agent.sdk","href":"/ti/packages/npm/@uipath/agent.sdk","description":"@uipath/agent.sdk is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.0.18"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/aops-policy-tool","href":"/ti/packages/npm/@uipath/aops-policy-tool","description":"@uipath/aops-policy-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/ap-chat","href":"/ti/packages/npm/@uipath/ap-chat","description":"@uipath/ap-chat is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.5.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/api-workflow-tool","href":"/ti/packages/npm/@uipath/api-workflow-tool","description":"@uipath/api-workflow-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/apollo-core","href":"/ti/packages/npm/@uipath/apollo-core","description":"@uipath/apollo-core is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["5.9.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/apollo-react","href":"/ti/packages/npm/@uipath/apollo-react","description":"@uipath/apollo-react is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["4.24.5"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/apollo-wind","href":"/ti/packages/npm/@uipath/apollo-wind","description":"@uipath/apollo-wind is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["2.16.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/auth","href":"/ti/packages/npm/@uipath/auth","description":"@uipath/auth is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/case-tool","href":"/ti/packages/npm/@uipath/case-tool","description":"@uipath/case-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/cli","href":"/ti/packages/npm/@uipath/cli","description":"@uipath/cli is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/codedagent-tool","href":"/ti/packages/npm/@uipath/codedagent-tool","description":"@uipath/codedagent-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/codedagents-tool","href":"/ti/packages/npm/@uipath/codedagents-tool","description":"@uipath/codedagents-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.1.12"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/codedapp-tool","href":"/ti/packages/npm/@uipath/codedapp-tool","description":"@uipath/codedapp-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/common","href":"/ti/packages/npm/@uipath/common","description":"@uipath/common is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/context-grounding-tool","href":"/ti/packages/npm/@uipath/context-grounding-tool","description":"@uipath/context-grounding-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.1.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/data-fabric-tool","href":"/ti/packages/npm/@uipath/data-fabric-tool","description":"@uipath/data-fabric-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/docsai-tool","href":"/ti/packages/npm/@uipath/docsai-tool","description":"@uipath/docsai-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/filesystem","href":"/ti/packages/npm/@uipath/filesystem","description":"@uipath/filesystem is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/flow-tool","href":"/ti/packages/npm/@uipath/flow-tool","description":"@uipath/flow-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/functions-tool","href":"/ti/packages/npm/@uipath/functions-tool","description":"@uipath/functions-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/gov-tool","href":"/ti/packages/npm/@uipath/gov-tool","description":"@uipath/gov-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.3.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/identity-tool","href":"/ti/packages/npm/@uipath/identity-tool","description":"@uipath/identity-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.1.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/insights-sdk","href":"/ti/packages/npm/@uipath/insights-sdk","description":"@uipath/insights-sdk is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/insights-tool","href":"/ti/packages/npm/@uipath/insights-tool","description":"@uipath/insights-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/integrationservice-sdk","href":"/ti/packages/npm/@uipath/integrationservice-sdk","description":"@uipath/integrationservice-sdk is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/integrationservice-tool","href":"/ti/packages/npm/@uipath/integrationservice-tool","description":"@uipath/integrationservice-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/llmgw-tool","href":"/ti/packages/npm/@uipath/llmgw-tool","description":"@uipath/llmgw-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/maestro-sdk","href":"/ti/packages/npm/@uipath/maestro-sdk","description":"@uipath/maestro-sdk is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/maestro-tool","href":"/ti/packages/npm/@uipath/maestro-tool","description":"@uipath/maestro-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/orchestrator-tool","href":"/ti/packages/npm/@uipath/orchestrator-tool","description":"@uipath/orchestrator-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/packager-tool-apiworkflow","href":"/ti/packages/npm/@uipath/packager-tool-apiworkflow","description":"@uipath/packager-tool-apiworkflow is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.0.19"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/packager-tool-bpmn","href":"/ti/packages/npm/@uipath/packager-tool-bpmn","description":"@uipath/packager-tool-bpmn is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.0.9"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/packager-tool-case","href":"/ti/packages/npm/@uipath/packager-tool-case","description":"@uipath/packager-tool-case is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.0.9"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/packager-tool-connector","href":"/ti/packages/npm/@uipath/packager-tool-connector","description":"@uipath/packager-tool-connector is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.0.19"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/packager-tool-flow","href":"/ti/packages/npm/@uipath/packager-tool-flow","description":"@uipath/packager-tool-flow is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.0.19"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/packager-tool-functions","href":"/ti/packages/npm/@uipath/packager-tool-functions","description":"@uipath/packager-tool-functions is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.1.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/packager-tool-webapp","href":"/ti/packages/npm/@uipath/packager-tool-webapp","description":"@uipath/packager-tool-webapp is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.6"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/packager-tool-workflowcompiler","href":"/ti/packages/npm/@uipath/packager-tool-workflowcompiler","description":"@uipath/packager-tool-workflowcompiler is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.0.16"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/packager-tool-workflowcompiler-browser","href":"/ti/packages/npm/@uipath/packager-tool-workflowcompiler-browser","description":"@uipath/packager-tool-workflowcompiler-browser is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.0.34"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/platform-tool","href":"/ti/packages/npm/@uipath/platform-tool","description":"@uipath/platform-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/project-packager","href":"/ti/packages/npm/@uipath/project-packager","description":"@uipath/project-packager is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.1.16"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/resource-tool","href":"/ti/packages/npm/@uipath/resource-tool","description":"@uipath/resource-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/resourcecatalog-tool","href":"/ti/packages/npm/@uipath/resourcecatalog-tool","description":"@uipath/resourcecatalog-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.1.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/resources-tool","href":"/ti/packages/npm/@uipath/resources-tool","description":"@uipath/resources-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.1.11"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/robot","href":"/ti/packages/npm/@uipath/robot","description":"@uipath/robot is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.3.4"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/rpa-legacy-tool","href":"/ti/packages/npm/@uipath/rpa-legacy-tool","description":"@uipath/rpa-legacy-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/rpa-tool","href":"/ti/packages/npm/@uipath/rpa-tool","description":"@uipath/rpa-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.9.5"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/solution-packager","href":"/ti/packages/npm/@uipath/solution-packager","description":"@uipath/solution-packager is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.0.35"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/solution-tool","href":"/ti/packages/npm/@uipath/solution-tool","description":"@uipath/solution-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/solutionpackager-sdk","href":"/ti/packages/npm/@uipath/solutionpackager-sdk","description":"@uipath/solutionpackager-sdk is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.11"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/solutionpackager-tool-core","href":"/ti/packages/npm/@uipath/solutionpackager-tool-core","description":"@uipath/solutionpackager-tool-core is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.0.34"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/tasks-tool","href":"/ti/packages/npm/@uipath/tasks-tool","description":"@uipath/tasks-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/telemetry","href":"/ti/packages/npm/@uipath/telemetry","description":"@uipath/telemetry is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.0.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/test-manager-tool","href":"/ti/packages/npm/@uipath/test-manager-tool","description":"@uipath/test-manager-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/tool-workflowcompiler","href":"/ti/packages/npm/@uipath/tool-workflowcompiler","description":"@uipath/tool-workflowcompiler is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.0.12"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/traces-tool","href":"/ti/packages/npm/@uipath/traces-tool","description":"@uipath/traces-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/ui-widgets-multi-file-upload","href":"/ti/packages/npm/@uipath/ui-widgets-multi-file-upload","description":"@uipath/ui-widgets-multi-file-upload is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/uipath-python-bridge","href":"/ti/packages/npm/@uipath/uipath-python-bridge","description":"@uipath/uipath-python-bridge is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/vertical-solutions-tool","href":"/ti/packages/npm/@uipath/vertical-solutions-tool","description":"@uipath/vertical-solutions-tool is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/vss","href":"/ti/packages/npm/@uipath/vss","description":"@uipath/vss is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.1.6"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"@uipath/widget.sdk","href":"/ti/packages/npm/@uipath/widget.sdk","description":"@uipath/widget.sdk is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.2.3"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"agentwork-cli","href":"/ti/packages/npm/agentwork-cli","description":"agentwork-cli is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.1.4","0.1.5"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"cmux-agent-mcp","href":"/ti/packages/npm/cmux-agent-mcp","description":"cmux-agent-mcp is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.1.3","0.1.4","0.1.5","0.1.6","0.1.7","0.1.8"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"cross-stitch","href":"/ti/packages/npm/cross-stitch","description":"cross-stitch is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.1.3","1.1.4","1.1.5","1.1.6","1.1.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"git-branch-selector","href":"/ti/packages/npm/git-branch-selector","description":"git-branch-selector is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.3.3","1.3.4","1.3.5","1.3.6","1.3.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"git-git-git","href":"/ti/packages/npm/git-git-git","description":"git-git-git is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.8","1.0.9","1.0.10","1.0.11","1.0.12"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"ml-toolkit-ts","href":"/ti/packages/npm/ml-toolkit-ts","description":"ml-toolkit-ts is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["1.0.4","1.0.5"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"nextmove-mcp","href":"/ti/packages/npm/nextmove-mcp","description":"nextmove-mcp is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.1.3","0.1.4","0.1.5","0.1.6","0.1.7"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"safe-action","href":"/ti/packages/npm/safe-action","description":"safe-action is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.8.3","0.8.4"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"ts-dna","href":"/ti/packages/npm/ts-dna","description":"ts-dna is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["3.0.1","3.0.2","3.0.3","3.0.4","3.0.5"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"wot-api","href":"/ti/packages/npm/wot-api","description":"wot-api is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.8.1","0.8.2","0.8.3","0.8.4"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"pypi","name":"guardrails-ai","href":"/ti/packages/pypi/guardrails-ai","description":"guardrails-ai is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["0.10.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"pypi","name":"mistralai","href":"/ti/packages/pypi/mistralai","description":"mistralai is identified in the SafeDep analysis \"Mass Supply Chain Attack Hits TanStack, Mistral AI npm and PyPI Packages\". Over 400 compromised npm package versions and at least 2 PyPI packages published in a coordinated supply chain attack targeting TanStack, Mistral AI, UiPath, OpenSearch, guardrails-ai, and dozens of other packages.","threat_types":["other"],"versions":["2.4.6"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-05-12"},{"ecosystem":"npm","name":"noon-contracts","href":"/ti/packages/npm/noon-contracts","description":"noon-contracts is identified in the SafeDep analysis \"noon-contracts npm Package: DeFi Supply Chain RAT\". noon-contracts poses as a Noon Protocol SDK on npm. On install it exfiltrates SSH keys, crypto wallet private keys, AWS credentials (including live STS/S3/SecretsManager calls), Kubernetes secrets, .env files, shell history, and browser wallet paths to C2 at 82.221.101.203:8443. A full eval-based remote shell polls every 45 seconds. Triple persistence via crontab, macOS LaunchAgent, Linux systemd, and shell RC injection.","threat_types":["credential_stealer","data_exfiltration","rat","persistence","c2_agent","crypto_drainer"],"versions":["1.0.0"],"campaigns":["No Specific Campaign"],"discovered_at":"2026-05-10"},{"ecosystem":"npm","name":"martinez-polygon-clipping-tony","href":"/ti/packages/npm/martinez-polygon-clipping-tony","description":"martinez-polygon-clipping-tony is identified in the SafeDep analysis \"martinez-polygon-clipping-tony: Trojanized npm Fork Drops Telegram RAT\". martinez-polygon-clipping-tony is a trojanized fork of the legitimate martinez-polygon-clipping npm package. The postinstall hook downloads a PyInstaller-packed Telegram bot from 172.86.73.132 that provides full remote shell, screenshot capture, file upload/download, and self-destruct capabilities on Windows targets.","threat_types":["rat","persistence"],"versions":["1.0.0"],"campaigns":["No Specific Campaign"],"discovered_at":"2026-05-07"},{"ecosystem":"npm","name":"common-tg-service","href":"/ti/packages/npm/common-tg-service","description":"Telegram account-takeover framework disguised as a NestJS Telegram service utility. All 502 published versions (1.0.1 through 1.3.207) are malicious. Sets a hardcoded 2FA password on managed accounts, polls operator IMAP for the confirmation code, evicts other authorized devices, and forwards OTP login codes from chat 777000 to operator-controlled Telegram bot channels. Pulls runtime config from npoint.io with committed plaintext credentials.","threat_types":["credential_stealer","data_exfiltration","c2_agent"],"versions":["1.3.207","1.0.1"],"campaigns":["shetty123 Telegram Hijack"],"discovered_at":"2026-05-03"},{"ecosystem":"npm","name":"ams-ssk","href":"/ti/packages/npm/ams-ssk","description":"Server-side runtime for the shetty123 Telegram-hijack operation, marketed as a NestJS file-management library. Defines the same folders/:folder/files/download-all API surface that common-tg-service consumes from cms.paidgirl.site. No direct local-execution payload against the installer; campaign-associated operator infrastructure published on npm under the same publisher.","threat_types":["c2_agent"],"versions":["1.0.33","1.0.0"],"campaigns":["shetty123 Telegram Hijack"],"discovered_at":"2026-05-03"},{"ecosystem":"npm","name":"node-env-resolve","href":"/ti/packages/npm/node-env-resolve","description":"node-env-resolve is identified in the SafeDep analysis \"node-env-resolve: npm Package Installs a Full RAT\". node-env-resolve is a malicious npm package that installs a full-featured remote access trojan on developer machines. The RAT streams screens, captures audio, steals browser history, and gives full mouse and keyboard control to a remote operator. The toolkit matches the OtterCookie RAT family linked to North Korea's Contagious Interview campaign.","threat_types":["credential_stealer","data_exfiltration","rat","persistence"],"versions":["1.0.3"],"campaigns":["tanvisoul9 npm Backdoors"],"discovered_at":"2026-05-03"},{"ecosystem":"npm","name":"exiouss","href":"/ti/packages/npm/exiouss","description":"exiouss is identified in the SafeDep analysis \"exiouss: Cookie Stealer Bundled in npm Exam Cheat\". exiouss on npm is the latest package from the loltestpad campaign — the same attacker who published the ixpresso-core Windows RAT in April. It bundles a dormant ChatGPT cookie stealer alongside an AI exam cheating tool, targeting students who willingly run it.","threat_types":["credential_stealer","data_exfiltration","rat","persistence"],"versions":["1.0.0"],"campaigns":["fucktestpad npm Malware"],"discovered_at":"2026-05-01"},{"ecosystem":"pypi","name":"pytorch-lightning","href":"/ti/packages/pypi/pytorch-lightning","description":"pytorch-lightning is identified in the SafeDep analysis \"PyTorch Lightning Compromised: Shai-Hulud Worm Reaches PyPI\". PyPI yanked PyTorch Lightning versions 2.6.2 and 2.6.3 after both embedded a two-stage credential-stealing payload. Any import of the library spawns an 11MB obfuscated JavaScript worm identical to the Shai-Hulud payload seen in the April 29 SAP npm campaign.","threat_types":["credential_stealer","data_exfiltration","worm"],"versions":["2.5.3"],"campaigns":["Shai-Hulud"],"discovered_at":"2026-04-30"},{"ecosystem":"npm","name":"@cap-js/sqlite","href":"/ti/packages/npm/@cap-js/sqlite","description":"@cap-js/sqlite is identified in the SafeDep analysis \"Mini Shai Hulud and SAP Compromise\". Four SAP npm packages published on April 29, 2026 contain a two-stage credential-stealing payload targeting GitHub tokens, AWS keys, and CI/CD pipelines. The packages share SAP-affiliated maintainers, pointing to a publisher account compromise.","threat_types":["credential_stealer","data_exfiltration","worm"],"versions":["2.2.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-04-29"},{"ecosystem":"npm","name":"@cap-js/postgres","href":"/ti/packages/npm/@cap-js/postgres","description":"@cap-js/postgres is identified in the SafeDep analysis \"Mini Shai Hulud and SAP Compromise\". Four SAP npm packages published on April 29, 2026 contain a two-stage credential-stealing payload targeting GitHub tokens, AWS keys, and CI/CD pipelines. The packages share SAP-affiliated maintainers, pointing to a publisher account compromise.","threat_types":["credential_stealer","data_exfiltration","worm"],"versions":["2.2.2"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-04-29"},{"ecosystem":"npm","name":"@cap-js/db-service","href":"/ti/packages/npm/@cap-js/db-service","description":"@cap-js/db-service is identified in the SafeDep analysis \"Mini Shai Hulud and SAP Compromise\". Four SAP npm packages published on April 29, 2026 contain a two-stage credential-stealing payload targeting GitHub tokens, AWS keys, and CI/CD pipelines. The packages share SAP-affiliated maintainers, pointing to a publisher account compromise.","threat_types":["credential_stealer","data_exfiltration","worm"],"versions":["2.10.1"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-04-29"},{"ecosystem":"npm","name":"mbt","href":"/ti/packages/npm/mbt","description":"mbt is identified in the SafeDep analysis \"Mini Shai Hulud and SAP Compromise\". Four SAP npm packages published on April 29, 2026 contain a two-stage credential-stealing payload targeting GitHub tokens, AWS keys, and CI/CD pipelines. The packages share SAP-affiliated maintainers, pointing to a publisher account compromise.","threat_types":["credential_stealer","data_exfiltration","worm"],"versions":["1.2.48"],"campaigns":["Mini Shai-Hulud"],"discovered_at":"2026-04-29"},{"ecosystem":"npm","name":"npm-global-util","href":"/ti/packages/npm/npm-global-util","description":"npm-global-util is identified in the SafeDep analysis \"npm-global-util: Credential Theft and Supply Chain Attack\". npm-global-util is a malicious npm package by maintainer raya4321 that exfiltrates credentials and system recon data via a preinstall hook. Part of a 16-package campaign targeting Apple developer CI/CD environments, with a second-stage that attempts to poison apple-app-store-server-library.","threat_types":["credential_stealer","data_exfiltration","rat","persistence"],"versions":["1.0.0"],"campaigns":["No Specific Campaign"],"discovered_at":"2026-04-29"},{"ecosystem":"npm","name":"redeem-onchain-sdk","href":"/ti/packages/npm/redeem-onchain-sdk","description":"redeem-onchain-sdk is identified in the SafeDep analysis \"Malicious redeem-onchain-sdk npm Targets Crypto Wallets\". >-","threat_types":["crypto_drainer"],"versions":["1.0.0"],"campaigns":["Crypto Wallet Drainers"],"discovered_at":"2026-04-29"},{"ecosystem":"npm","name":"@bitwarden/cli","href":"/ti/packages/npm/@bitwarden/cli","description":"@bitwarden/cli is identified in the SafeDep analysis \"Bitwarden CLI Supply Chain Compromise\". >-","threat_types":["other"],"versions":["2026.4.1"],"campaigns":["TeamPCP"],"discovered_at":"2026-04-24"},{"ecosystem":"npm","name":"ixpresso-core","href":"/ti/packages/npm/ixpresso-core","description":"ixpresso-core is identified in the SafeDep analysis \"ixpresso-core: Windows RAT Disguised as a WhatsApp Agent\". ixpresso-core poses as an AI WhatsApp agent on npm but installs Veltrix, a Windows RAT that steals browser credentials, Discord tokens, and keystrokes via a hardcoded Discord webhook.","threat_types":["rat","credential_stealer","crypto_drainer","data_exfiltration","persistence","c2_agent"],"versions":["1.0.0","1.0.1","1.0.2"],"campaigns":["fucktestpad npm Malware"],"discovered_at":"2026-04-16"},{"ecosystem":"npm","name":"godsplan","href":"/ti/packages/npm/godsplan","description":"godsplan is identified in the SafeDep analysis \"ixpresso-core: Windows RAT Disguised as a WhatsApp Agent\". ixpresso-core poses as an AI WhatsApp agent on npm but installs Veltrix, a Windows RAT that steals browser credentials, Discord tokens, and keystrokes via a hardcoded Discord webhook.","threat_types":["rat","credential_stealer","data_exfiltration","persistence","c2_agent"],"versions":["1.0.2","1.0.3","1.0.4","1.0.5","1.0.6","1.0.7","1.0.8"],"campaigns":["fucktestpad npm Malware"],"discovered_at":"2026-04-16"},{"ecosystem":"npm","name":"eyevox","href":"/ti/packages/npm/eyevox","description":"eyevox is identified in the SafeDep analysis \"ixpresso-core: Windows RAT Disguised as a WhatsApp Agent\". ixpresso-core poses as an AI WhatsApp agent on npm but installs Veltrix, a Windows RAT that steals browser credentials, Discord tokens, and keystrokes via a hardcoded Discord webhook.","threat_types":["rat","credential_stealer","data_exfiltration","persistence","c2_agent"],"versions":["2.1.4","2.1.5","2.1.6","2.1.7","2.1.8","2.1.9","2.1.10","2.1.11"],"campaigns":["fucktestpad npm Malware"],"discovered_at":"2026-04-16"},{"ecosystem":"npm","name":"forge-jsx","href":"/ti/packages/npm/forge-jsx","description":"forge-jsx is identified in the SafeDep analysis \"forge-jsx npm Package: Purpose-Built Multi-Platform RAT\". forge-jsx poses as an Autodesk Forge SDK on npm. On install it deploys a system-wide keylogger, recursive .env file scanner, shell history exfiltrator, and a WebSocket-based remote filesystem backdoor to C2 at 204.10.194.247, with persistence via systemd, LaunchAgent, and Task Scheduler.","threat_types":["rat","credential_stealer","data_exfiltration","persistence","c2_agent"],"versions":["1.0.0","1.0.1","1.0.2","1.0.3","1.0.4","1.0.5","1.0.6","1.0.7","1.0.8","1.0.9","1.0.10","1.0.11","1.0.12","1.0.13","1.0.14","1.0.15","1.0.16","1.0.17","1.0.18","1.0.19","1.0.20","1.0.21","1.0.22","1.0.23","1.0.24","1.0.25","1.0.26","1.0.27","1.0.28","1.0.29","1.0.30","1.0.31","1.0.32","1.0.33","1.0.34","1.0.35","1.0.36","1.0.37","1.0.38","1.0.39","1.0.40","1.0.41","1.0.42","1.0.43","1.0.44","1.0.45","1.0.46","1.0.47","1.0.48","1.0.49","1.0.50","1.0.51","1.0.52","1.0.53","1.0.54","1.0.55","1.0.56","1.0.57","1.0.58","1.0.59","1.0.60","1.0.61","1.0.62","1.0.63","1.0.64","1.0.65","1.0.66"],"campaigns":["forge-jsx RAT"],"discovered_at":"2026-04-15"},{"ecosystem":"npm","name":"@johntaohunter/forge-jsx","href":"/ti/packages/npm/@johntaohunter/forge-jsx","description":"@johntaohunter/forge-jsx is identified in the SafeDep analysis \"forge-jsx npm Package: Purpose-Built Multi-Platform RAT\". forge-jsx poses as an Autodesk Forge SDK on npm. On install it deploys a system-wide keylogger, recursive .env file scanner, shell history exfiltrator, and a WebSocket-based remote filesystem backdoor to C2 at 204.10.194.247, with persistence via systemd, LaunchAgent, and Task Scheduler.","threat_types":["rat","credential_stealer","data_exfiltration","persistence","c2_agent"],"versions":["1.0.4"],"campaigns":["forge-jsx RAT"],"discovered_at":"2026-04-15"},{"ecosystem":"npm","name":"js-logger-pack","href":"/ti/packages/npm/js-logger-pack","description":"js-logger-pack is a malicious npm package (29 versions, 2026-04-01 to 2026-04-20) that evolved from an SSH backdoor and infostealer into a binary dropper for MicrosoftSystem64, an 81 MB Node.js SEA RAT with 24 remote tasks covering browser credential theft (15 families), 80+ crypto wallet extensions, keylogging, clipboard monitoring, screenshot capture to HuggingFace, Telegram session hijack, SSH key exfiltration, and remote shell access. Attributed to DPRK Famous Chollima / Contagious Interview via jpeek868 account linkage. OSV: MAL-2026-2827 / GHSA-mj89-jrhm-qxhc.","threat_types":["credential_stealer","crypto_drainer","data_exfiltration","persistence","c2_agent"],"versions":["0.0.1","1.0.0","1.1.0","1.1.2","1.1.4","1.1.5","1.1.6","1.1.7","1.1.8","1.1.9","1.1.10","1.1.14","1.1.17","1.1.18","1.1.19","1.1.20","1.1.21","1.1.22","1.1.23","1.1.24","1.1.25","1.1.26"],"campaigns":["Contagious Interview"],"discovered_at":"2026-04-15"},{"ecosystem":"npm","name":"dom-utils-lite","href":"/ti/packages/npm/dom-utils-lite","description":"dom-utils-lite is identified in the SafeDep analysis \"Malicious dom-utils-lite npm SSH Backdoor via Supabase\". dom-utils-lite and centralogger on npm inject attacker SSH keys into ~/.ssh/authorized_keys and exfiltrate server metadata to Supabase-hosted C2 infrastructure, granting persistent remote access.","threat_types":["persistence","data_exfiltration","c2_agent"],"versions":["1.0.0"],"campaigns":["tanvisoul9 npm Backdoors"],"discovered_at":"2026-04-14"},{"ecosystem":"npm","name":"centralogger","href":"/ti/packages/npm/centralogger","description":"centralogger is identified in the SafeDep analysis \"Malicious dom-utils-lite npm SSH Backdoor via Supabase\". dom-utils-lite and centralogger on npm inject attacker SSH keys into ~/.ssh/authorized_keys and exfiltrate server metadata to Supabase-hosted C2 infrastructure, granting persistent remote access.","threat_types":["persistence","data_exfiltration","c2_agent"],"versions":["1.0.5","1.0.6","1.0.7","1.0.8","1.0.9"],"campaigns":["tanvisoul9 npm Backdoors"],"discovered_at":"2026-04-14"},{"ecosystem":"npm","name":"@genoma-ui/components","href":"/ti/packages/npm/@genoma-ui/components","description":"@genoma-ui/components is identified in the SafeDep analysis \"Malicious npm Dependency Confusion Campaign Targets Genoma UI and Others\". A dependency confusion campaign by npm user victim59 targets at least three organizations through scoped packages @genoma-ui/components, @needl-ai/common, and rrweb-v1. The packages use install hooks to beacon system reconnaissance data to a DigitalOcean C2 server.","threat_types":["c2_agent","dependency_confusion"],"versions":["999.9.9"],"campaigns":["Enterprise Dependency Confusion"],"discovered_at":"2026-04-10"},{"ecosystem":"npm","name":"rrweb-v1","href":"/ti/packages/npm/rrweb-v1","description":"rrweb-v1 is identified in the SafeDep analysis \"Malicious npm Dependency Confusion Campaign Targets Genoma UI and Others\". A dependency confusion campaign by npm user victim59 targets at least three organizations through scoped packages @genoma-ui/components, @needl-ai/common, and rrweb-v1. The packages use install hooks to beacon system reconnaissance data to a DigitalOcean C2 server.","threat_types":["c2_agent","dependency_confusion"],"versions":["999.9.9"],"campaigns":["Enterprise Dependency Confusion"],"discovered_at":"2026-04-10"},{"ecosystem":"npm","name":"@needl-ai/common","href":"/ti/packages/npm/@needl-ai/common","description":"@needl-ai/common is identified in the SafeDep analysis \"Malicious npm Dependency Confusion Campaign Targets Genoma UI and Others\". A dependency confusion campaign by npm user victim59 targets at least three organizations through scoped packages @genoma-ui/components, @needl-ai/common, and rrweb-v1. The packages use install hooks to beacon system reconnaissance data to a DigitalOcean C2 server.","threat_types":["c2_agent","dependency_confusion"],"versions":["999.9.9"],"campaigns":["Enterprise Dependency Confusion"],"discovered_at":"2026-04-10"},{"ecosystem":"npm","name":"sjs-biginteger","href":"/ti/packages/npm/sjs-biginteger","description":"sjs-biginteger is identified in the SafeDep analysis \"big.js Typosquat Campaign Implants SSH Backdoors\". Three waves of big.js typosquats (sjs-biginteger, bjs-biginteger, cjs-biginteger) from throwaway npm accounts implant SSH backdoors and exfiltrate credentials to Cloudflare-disguised C2 infrastructure.","threat_types":["credential_stealer","data_exfiltration","rat","persistence","c2_agent","typosquat"],"versions":["1.0.0"],"campaigns":["big.js Typosquat SSH Backdoor"],"discovered_at":"2026-04-09"},{"ecosystem":"npm","name":"sjs-lint-build1","href":"/ti/packages/npm/sjs-lint-build1","description":"sjs-lint-build1 is identified in the SafeDep analysis \"big.js Typosquat Campaign Implants SSH Backdoors\". Three waves of big.js typosquats (sjs-biginteger, bjs-biginteger, cjs-biginteger) from throwaway npm accounts implant SSH backdoors and exfiltrate credentials to Cloudflare-disguised C2 infrastructure.","threat_types":["credential_stealer","data_exfiltration","rat","persistence","c2_agent","typosquat"],"versions":["1.0.0"],"campaigns":["big.js Typosquat SSH Backdoor"],"discovered_at":"2026-04-09"},{"ecosystem":"npm","name":"bjs-biginteger","href":"/ti/packages/npm/bjs-biginteger","description":"bjs-biginteger is identified in the SafeDep analysis \"big.js Typosquat Campaign Implants SSH Backdoors\". Three waves of big.js typosquats (sjs-biginteger, bjs-biginteger, cjs-biginteger) from throwaway npm accounts implant SSH backdoors and exfiltrate credentials to Cloudflare-disguised C2 infrastructure.","threat_types":["credential_stealer","data_exfiltration","rat","persistence","c2_agent","typosquat"],"versions":["1.0.0"],"campaigns":["big.js Typosquat SSH Backdoor"],"discovered_at":"2026-04-09"},{"ecosystem":"npm","name":"bjs-lint-builder","href":"/ti/packages/npm/bjs-lint-builder","description":"bjs-lint-builder is identified in the SafeDep analysis \"big.js Typosquat Campaign Implants SSH Backdoors\". Three waves of big.js typosquats (sjs-biginteger, bjs-biginteger, cjs-biginteger) from throwaway npm accounts implant SSH backdoors and exfiltrate credentials to Cloudflare-disguised C2 infrastructure.","threat_types":["credential_stealer","data_exfiltration","rat","persistence","c2_agent","typosquat"],"versions":["1.0.0"],"campaigns":["big.js Typosquat SSH Backdoor"],"discovered_at":"2026-04-09"},{"ecosystem":"npm","name":"bjs-lint-builders","href":"/ti/packages/npm/bjs-lint-builders","description":"bjs-lint-builders is identified in the SafeDep analysis \"big.js Typosquat Campaign Implants SSH Backdoors\". Three waves of big.js typosquats (sjs-biginteger, bjs-biginteger, cjs-biginteger) from throwaway npm accounts implant SSH backdoors and exfiltrate credentials to Cloudflare-disguised C2 infrastructure.","threat_types":["credential_stealer","data_exfiltration","rat","persistence","c2_agent","typosquat"],"versions":["1.0.0"],"campaigns":["big.js Typosquat SSH Backdoor"],"discovered_at":"2026-04-09"},{"ecosystem":"npm","name":"cjs-biginteger","href":"/ti/packages/npm/cjs-biginteger","description":"cjs-biginteger is identified in the SafeDep analysis \"big.js Typosquat Campaign Implants SSH Backdoors\". Three waves of big.js typosquats (sjs-biginteger, bjs-biginteger, cjs-biginteger) from throwaway npm accounts implant SSH backdoors and exfiltrate credentials to Cloudflare-disguised C2 infrastructure.","threat_types":["credential_stealer","data_exfiltration","rat","persistence","c2_agent","typosquat"],"versions":["1.0.0"],"campaigns":["big.js Typosquat SSH Backdoor"],"discovered_at":"2026-04-09"},{"ecosystem":"npm","name":"ts-lint-builds","href":"/ti/packages/npm/ts-lint-builds","description":"ts-lint-builds is identified in the SafeDep analysis \"big.js Typosquat Campaign Implants SSH Backdoors\". Three waves of big.js typosquats (sjs-biginteger, bjs-biginteger, cjs-biginteger) from throwaway npm accounts implant SSH backdoors and exfiltrate credentials to Cloudflare-disguised C2 infrastructure.","threat_types":["credential_stealer","data_exfiltration","rat","persistence","c2_agent","typosquat"],"versions":["1.0.0"],"campaigns":["big.js Typosquat SSH Backdoor"],"discovered_at":"2026-04-09"},{"ecosystem":"npm","name":"@fairwords/websocket","href":"/ti/packages/npm/@fairwords/websocket","description":"@fairwords/websocket is identified in the SafeDep analysis \"@fairwords npm Packages Hit by Credential Worm\". Three @fairwords npm packages were compromised with a self-propagating worm that harvests credentials, crypto wallets, Chrome passwords, and spreads to other packages using stolen npm tokens.","threat_types":["credential_stealer","crypto_drainer","data_exfiltration","worm"],"versions":["1.0.38","1.0.39"],"campaigns":["fairwords Credential Worm"],"discovered_at":"2026-04-08"},{"ecosystem":"npm","name":"@fairwords/loopback-connector-es","href":"/ti/packages/npm/@fairwords/loopback-connector-es","description":"@fairwords/loopback-connector-es is identified in the SafeDep analysis \"@fairwords npm Packages Hit by Credential Worm\". Three @fairwords npm packages were compromised with a self-propagating worm that harvests credentials, crypto wallets, Chrome passwords, and spreads to other packages using stolen npm tokens.","threat_types":["credential_stealer","crypto_drainer","data_exfiltration","worm"],"versions":["1.4.3","1.4.4"],"campaigns":["fairwords Credential Worm"],"discovered_at":"2026-04-08"},{"ecosystem":"npm","name":"@fairwords/encryption","href":"/ti/packages/npm/@fairwords/encryption","description":"@fairwords/encryption is identified in the SafeDep analysis \"@fairwords npm Packages Hit by Credential Worm\". Three @fairwords npm packages were compromised with a self-propagating worm that harvests credentials, crypto wallets, Chrome passwords, and spreads to other packages using stolen npm tokens.","threat_types":["credential_stealer","crypto_drainer","data_exfiltration","worm"],"versions":["0.0.5","0.0.6"],"campaigns":["fairwords Credential Worm"],"discovered_at":"2026-04-08"},{"ecosystem":"npm","name":"@velora-dex/sdk","href":"/ti/packages/npm/@velora-dex/sdk","description":"@velora-dex/sdk is identified in the SafeDep analysis \"Malicious @velora-dex/sdk Delivers Go RAT via npm\". Version 9.4.1 of @velora-dex/sdk, a DeFi SDK with ~2,000 weekly downloads, was compromised to deliver a Go-based remote access trojan (minirat) targeting macOS developers.","threat_types":["rat","persistence","crypto_drainer"],"versions":["1.0.0"],"campaigns":["No Specific Campaign"],"discovered_at":"2026-04-08"},{"ecosystem":"pypi","name":"hermes-px","href":"/ti/packages/pypi/hermes-px","description":"hermes-px is identified in the SafeDep analysis \"Malicious hermes-px on PyPI Steals AI Conversations\". >-","threat_types":["credential_stealer","data_exfiltration"],"versions":["0.1.0"],"campaigns":["No Specific Campaign"],"discovered_at":"2026-04-06"},{"ecosystem":"npm","name":"mgc","href":"/ti/packages/npm/mgc","description":"mgc is identified in the SafeDep analysis \"Compromised npm Package mgc Deploys Multi-Platform RAT\". The npm package mgc was compromised via account takeover, with four malicious versions published in rapid succession deploying a full Remote Access Trojan targeting macOS, Windows, and Linux.","threat_types":["rat","credential_stealer","data_exfiltration","persistence","c2_agent"],"versions":["1.2.1","1.2.2","1.2.3","1.2.4"],"campaigns":["No Specific Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-cron","href":"/ti/packages/npm/strapi-plugin-cron","description":"strapi-plugin-cron is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-config","href":"/ti/packages/npm/strapi-plugin-config","description":"strapi-plugin-config is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-server","href":"/ti/packages/npm/strapi-plugin-server","description":"strapi-plugin-server is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-database","href":"/ti/packages/npm/strapi-plugin-database","description":"strapi-plugin-database is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-core","href":"/ti/packages/npm/strapi-plugin-core","description":"strapi-plugin-core is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-hooks","href":"/ti/packages/npm/strapi-plugin-hooks","description":"strapi-plugin-hooks is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-monitor","href":"/ti/packages/npm/strapi-plugin-monitor","description":"strapi-plugin-monitor is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-events","href":"/ti/packages/npm/strapi-plugin-events","description":"strapi-plugin-events is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-logger","href":"/ti/packages/npm/strapi-plugin-logger","description":"strapi-plugin-logger is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-health","href":"/ti/packages/npm/strapi-plugin-health","description":"strapi-plugin-health is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-sync","href":"/ti/packages/npm/strapi-plugin-sync","description":"strapi-plugin-sync is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-seed","href":"/ti/packages/npm/strapi-plugin-seed","description":"strapi-plugin-seed is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-locale","href":"/ti/packages/npm/strapi-plugin-locale","description":"strapi-plugin-locale is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-form","href":"/ti/packages/npm/strapi-plugin-form","description":"strapi-plugin-form is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-notify","href":"/ti/packages/npm/strapi-plugin-notify","description":"strapi-plugin-notify is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-api","href":"/ti/packages/npm/strapi-plugin-api","description":"strapi-plugin-api is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8","3.6.9"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-sitemap-gen","href":"/ti/packages/npm/strapi-plugin-sitemap-gen","description":"strapi-plugin-sitemap-gen is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-nordica-tools","href":"/ti/packages/npm/strapi-plugin-nordica-tools","description":"strapi-plugin-nordica-tools is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.10"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-nordica-sync","href":"/ti/packages/npm/strapi-plugin-nordica-sync","description":"strapi-plugin-nordica-sync is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-nordica-cms","href":"/ti/packages/npm/strapi-plugin-nordica-cms","description":"strapi-plugin-nordica-cms is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-nordica-api","href":"/ti/packages/npm/strapi-plugin-nordica-api","description":"strapi-plugin-nordica-api is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-nordica-recon","href":"/ti/packages/npm/strapi-plugin-nordica-recon","description":"strapi-plugin-nordica-recon is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-nordica-stage","href":"/ti/packages/npm/strapi-plugin-nordica-stage","description":"strapi-plugin-nordica-stage is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-nordica-vhost","href":"/ti/packages/npm/strapi-plugin-nordica-vhost","description":"strapi-plugin-nordica-vhost is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-nordica-deep","href":"/ti/packages/npm/strapi-plugin-nordica-deep","description":"strapi-plugin-nordica-deep is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-nordica-lite","href":"/ti/packages/npm/strapi-plugin-nordica-lite","description":"strapi-plugin-nordica-lite is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.11"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-nordica","href":"/ti/packages/npm/strapi-plugin-nordica","description":"strapi-plugin-nordica is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.10"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-finseven","href":"/ti/packages/npm/strapi-plugin-finseven","description":"strapi-plugin-finseven is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-hextest","href":"/ti/packages/npm/strapi-plugin-hextest","description":"strapi-plugin-hextest is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-cms-tools","href":"/ti/packages/npm/strapi-plugin-cms-tools","description":"strapi-plugin-cms-tools is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-content-sync","href":"/ti/packages/npm/strapi-plugin-content-sync","description":"strapi-plugin-content-sync is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-debug-tools","href":"/ti/packages/npm/strapi-plugin-debug-tools","description":"strapi-plugin-debug-tools is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-health-check","href":"/ti/packages/npm/strapi-plugin-health-check","description":"strapi-plugin-health-check is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-guardarian-ext","href":"/ti/packages/npm/strapi-plugin-guardarian-ext","description":"strapi-plugin-guardarian-ext is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-advanced-uuid","href":"/ti/packages/npm/strapi-plugin-advanced-uuid","description":"strapi-plugin-advanced-uuid is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"strapi-plugin-blurhash","href":"/ti/packages/npm/strapi-plugin-blurhash","description":"strapi-plugin-blurhash is identified in the SafeDep analysis \"Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2\". >","threat_types":["c2_agent"],"versions":["3.6.8"],"campaigns":["Strapi Plugin C2 Campaign"],"discovered_at":"2026-04-03"},{"ecosystem":"npm","name":"express-session-js","href":"/ti/packages/npm/express-session-js","description":"express-session-js is identified in the SafeDep analysis \"Malicious npm Package express-session-js Drops Full RAT Payload\". A malicious npm package typosquatting express-session fetches and executes a full Remote Access Trojan from a paste service, targeting browser credentials, crypto wallets, SSH keys, and more.","threat_types":["rat","credential_stealer","crypto_drainer","data_exfiltration","c2_agent"],"versions":["1.19.0"],"campaigns":["No Specific Campaign"],"discovered_at":"2026-04-02"},{"ecosystem":"npm","name":"axios","href":"/ti/packages/npm/axios","description":"axios is identified in the SafeDep analysis \"axios Compromised: npm Supply Chain Attack via Dependency Injection\". axios 1.14.1 was published to npm via a compromised maintainer account, injecting a trojanized dependency that executes a multi-platform reverse shell on install. No source code changes in axios itself, just a new entry in package.json.","threat_types":["rat","persistence"],"versions":["1.8.2"],"campaigns":["No Specific Campaign"],"discovered_at":"2026-03-31"},{"ecosystem":"pypi","name":"telnyx","href":"/ti/packages/pypi/telnyx","description":"telnyx is identified in the SafeDep analysis \"Compromised telnyx on PyPI: WAV Steganography and Credential Theft\". >-","threat_types":["credential_stealer","data_exfiltration"],"versions":["2.0.0"],"campaigns":["TeamPCP"],"discovered_at":"2026-03-27"},{"ecosystem":"pypi","name":"litellm","href":"/ti/packages/pypi/litellm","description":"litellm is identified in the SafeDep analysis \"Malicious litellm 1.82.8: Credential Theft and Persistent Backdoor\". >-","threat_types":["credential_stealer","data_exfiltration","rat","persistence"],"versions":["1.82.8"],"campaigns":["TeamPCP"],"discovered_at":"2026-03-24"},{"ecosystem":"npm","name":"oc-aa-module-client","href":"/ti/packages/npm/oc-aa-module-client","description":"oc-aa-module-client is identified in the SafeDep analysis \"sl4x0 Dependency Confusion: 92 Packages Target Fortune 500\". A sustained dependency confusion campaign by the sl4x0 actor likely targets 20+ organizations including Adobe, Ford, Sony, and Coca-Cola with 92+ malicious npm packages exfiltrating developer data via DNS.","threat_types":["credential_stealer","data_exfiltration","rat","persistence","dependency_confusion"],"versions":["999.999.999"],"campaigns":["Enterprise Dependency Confusion"],"discovered_at":"2026-03-24"},{"ecosystem":"npm","name":"@wame/ngx-adfs","href":"/ti/packages/npm/@wame/ngx-adfs","description":"@wame/ngx-adfs is identified in the SafeDep analysis \"sl4x0 Dependency Confusion: 92 Packages Target Fortune 500\". A sustained dependency confusion campaign by the sl4x0 actor likely targets 20+ organizations including Adobe, Ford, Sony, and Coca-Cola with 92+ malicious npm packages exfiltrating developer data via DNS.","threat_types":["credential_stealer","data_exfiltration","rat","persistence","dependency_confusion"],"versions":["999.999.999"],"campaigns":["Enterprise Dependency Confusion"],"discovered_at":"2026-03-24"},{"ecosystem":"npm","name":"@the-coca-cola-company/ngps-global-common-utils","href":"/ti/packages/npm/@the-coca-cola-company/ngps-global-common-utils","description":"@the-coca-cola-company/ngps-global-common-utils is identified in the SafeDep analysis \"sl4x0 Dependency Confusion: 92 Packages Target Fortune 500\". A sustained dependency confusion campaign by the sl4x0 actor likely targets 20+ organizations including Adobe, Ford, Sony, and Coca-Cola with 92+ malicious npm packages exfiltrating developer data via DNS.","threat_types":["credential_stealer","data_exfiltration","rat","persistence","dependency_confusion"],"versions":["999.999.999"],"campaigns":["Enterprise Dependency Confusion"],"discovered_at":"2026-03-24"},{"ecosystem":"npm","name":"cr-static-shared-components","href":"/ti/packages/npm/cr-static-shared-components","description":"cr-static-shared-components is identified in the SafeDep analysis \"sl4x0 Dependency Confusion: 92 Packages Target Fortune 500\". A sustained dependency confusion campaign by the sl4x0 actor likely targets 20+ organizations including Adobe, Ford, Sony, and Coca-Cola with 92+ malicious npm packages exfiltrating developer data via DNS.","threat_types":["credential_stealer","data_exfiltration","rat","persistence","dependency_confusion"],"versions":["999.999.999"],"campaigns":["Enterprise Dependency Confusion"],"discovered_at":"2026-03-24"},{"ecosystem":"npm","name":"@ceeferenderer/fe-renderer-sdk","href":"/ti/packages/npm/@ceeferenderer/fe-renderer-sdk","description":"@ceeferenderer/fe-renderer-sdk is identified in the SafeDep analysis \"sl4x0 Dependency Confusion: 92 Packages Target Fortune 500\". A sustained dependency confusion campaign by the sl4x0 actor likely targets 20+ organizations including Adobe, Ford, Sony, and Coca-Cola with 92+ malicious npm packages exfiltrating developer data via DNS.","threat_types":["credential_stealer","data_exfiltration","rat","persistence","dependency_confusion"],"versions":["999.999.999"],"campaigns":["Enterprise Dependency Confusion"],"discovered_at":"2026-03-24"},{"ecosystem":"npm","name":"react-refresh-update","href":"/ti/packages/npm/react-refresh-update","description":"react-refresh-update is identified in the SafeDep analysis \"Malicious npm Package react-refresh-update Drops Cross-Platform Trojan on Developer Machines\". >","threat_types":["credential_stealer","data_exfiltration","typosquat"],"versions":["1.0.0","1.0.1","1.0.2","1.0.3","1.0.4","2.0.5"],"campaigns":["No Specific Campaign"],"discovered_at":"2026-03-16"},{"ecosystem":"npm","name":"pino-sdk-v2","href":"/ti/packages/npm/pino-sdk-v2","description":"pino-sdk-v2 is identified in the SafeDep analysis \"Malicious npm Package pino-sdk-v2 Exfiltrates Secrets to Discord\". >","threat_types":["credential_stealer","data_exfiltration","typosquat"],"versions":["9.9.0"],"campaigns":["No Specific Campaign"],"discovered_at":"2026-03-06"},{"ecosystem":"npm","name":"@Schedaero/shared","href":"/ti/packages/npm/@Schedaero/shared","description":"@Schedaero/shared is identified in the SafeDep analysis \"Malicious npm Packages Target Schedaero via Dependency Confusion\". A detailed analysis of a dependency confusion supply chain attack likely targeting Schedaero, a leading aviation software company. We dissect the payload, the exfiltration mechanism, and the indicators of compromise.","threat_types":["credential_stealer","data_exfiltration","rat","persistence","dependency_confusion"],"versions":["99440.540.1"],"campaigns":["Enterprise Dependency Confusion"],"discovered_at":"2026-02-25"},{"ecosystem":"npm","name":"@zapier/zapier-sdk","href":"/ti/packages/npm/@zapier/zapier-sdk","description":"@zapier/zapier-sdk is identified in the SafeDep analysis \"Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis\". Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions exploitation, and worm-like propagation affecting 25,000+ repositories. Includes IOCs, detection methods, and remediation steps.","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["0.15.5","0.15.6","0.15.7"],"campaigns":["Shai-Hulud"],"discovered_at":"2025-11-24"},{"ecosystem":"npm","name":"@asyncapi/specs","href":"/ti/packages/npm/@asyncapi/specs","description":"@asyncapi/specs is identified in the SafeDep analysis \"Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis\". Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions exploitation, and worm-like propagation affecting 25,000+ repositories. Includes IOCs, detection methods, and remediation steps.","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["6.8.2","6.9.1"],"campaigns":["Shai-Hulud"],"discovered_at":"2025-11-24"},{"ecosystem":"npm","name":"@quick-start-soft/quick-markdown-print","href":"/ti/packages/npm/@quick-start-soft/quick-markdown-print","description":"@quick-start-soft/quick-markdown-print is identified in the SafeDep analysis \"Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis\". Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions exploitation, and worm-like propagation affecting 25,000+ repositories. Includes IOCs, detection methods, and remediation steps.","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["1.4.2511142126"],"campaigns":["Shai-Hulud"],"discovered_at":"2025-11-24"},{"ecosystem":"npm","name":"@quick-start-soft/quick-markdown","href":"/ti/packages/npm/@quick-start-soft/quick-markdown","description":"@quick-start-soft/quick-markdown is identified in the SafeDep analysis \"Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis\". Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions exploitation, and worm-like propagation affecting 25,000+ repositories. Includes IOCs, detection methods, and remediation steps.","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["1.4.2511142126"],"campaigns":["Shai-Hulud"],"discovered_at":"2025-11-24"},{"ecosystem":"npm","name":"@quick-start-soft/quick-remove-image-background","href":"/ti/packages/npm/@quick-start-soft/quick-remove-image-background","description":"@quick-start-soft/quick-remove-image-background is identified in the SafeDep analysis \"Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis\". Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions exploitation, and worm-like propagation affecting 25,000+ repositories. Includes IOCs, detection methods, and remediation steps.","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["1.4.2511142126"],"campaigns":["Shai-Hulud"],"discovered_at":"2025-11-24"},{"ecosystem":"npm","name":"@quick-start-soft/quick-git-clean-markdown","href":"/ti/packages/npm/@quick-start-soft/quick-git-clean-markdown","description":"@quick-start-soft/quick-git-clean-markdown is identified in the SafeDep analysis \"Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis\". Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions exploitation, and worm-like propagation affecting 25,000+ repositories. Includes IOCs, detection methods, and remediation steps.","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["1.4.2511142126"],"campaigns":["Shai-Hulud"],"discovered_at":"2025-11-24"},{"ecosystem":"npm","name":"@quick-start-soft/quick-document-translator","href":"/ti/packages/npm/@quick-start-soft/quick-document-translator","description":"@quick-start-soft/quick-document-translator is identified in the SafeDep analysis \"Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis\". Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions exploitation, and worm-like propagation affecting 25,000+ repositories. Includes IOCs, detection methods, and remediation steps.","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["1.4.2511142126"],"campaigns":["Shai-Hulud"],"discovered_at":"2025-11-24"},{"ecosystem":"npm","name":"@quick-start-soft/quick-markdown-image","href":"/ti/packages/npm/@quick-start-soft/quick-markdown-image","description":"@quick-start-soft/quick-markdown-image is identified in the SafeDep analysis \"Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis\". Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions exploitation, and worm-like propagation affecting 25,000+ repositories. Includes IOCs, detection methods, and remediation steps.","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["1.4.2511142126"],"campaigns":["Shai-Hulud"],"discovered_at":"2025-11-24"},{"ecosystem":"npm","name":"@quick-start-soft/quick-task-refine","href":"/ti/packages/npm/@quick-start-soft/quick-task-refine","description":"@quick-start-soft/quick-task-refine is identified in the SafeDep analysis \"Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis\". Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions exploitation, and worm-like propagation affecting 25,000+ repositories. Includes IOCs, detection methods, and remediation steps.","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["1.4.2511142126"],"campaigns":["Shai-Hulud"],"discovered_at":"2025-11-24"},{"ecosystem":"npm","name":"@asyncapi/modelina","href":"/ti/packages/npm/@asyncapi/modelina","description":"@asyncapi/modelina is identified in the SafeDep analysis \"Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis\". Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions exploitation, and worm-like propagation affecting 25,000+ repositories. Includes IOCs, detection methods, and remediation steps.","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["5.10.2","5.10.3"],"campaigns":["Shai-Hulud"],"discovered_at":"2025-11-24"},{"ecosystem":"npm","name":"posthog-react-native","href":"/ti/packages/npm/posthog-react-native","description":"posthog-react-native is identified in the SafeDep analysis \"Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis\". Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions exploitation, and worm-like propagation affecting 25,000+ repositories. Includes IOCs, detection methods, and remediation steps.","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["4.12.5","4.11.1"],"campaigns":["Shai-Hulud"],"discovered_at":"2025-11-24"},{"ecosystem":"npm","name":"posthog-node","href":"/ti/packages/npm/posthog-node","description":"posthog-node is identified in the SafeDep analysis \"Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis\". Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions exploitation, and worm-like propagation affecting 25,000+ repositories. Includes IOCs, detection methods, and remediation steps.","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["5.13.3","4.18.1"],"campaigns":["Shai-Hulud"],"discovered_at":"2025-11-24"},{"ecosystem":"npm","name":"@postman/secret-scanner-wasm","href":"/ti/packages/npm/@postman/secret-scanner-wasm","description":"@postman/secret-scanner-wasm is identified in the SafeDep analysis \"Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis\". Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions exploitation, and worm-like propagation affecting 25,000+ repositories. Includes IOCs, detection methods, and remediation steps.","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["2.1.2","2.1.3"],"campaigns":["Shai-Hulud"],"discovered_at":"2025-11-24"},{"ecosystem":"npm","name":"@postman/csv-parse","href":"/ti/packages/npm/@postman/csv-parse","description":"@postman/csv-parse is identified in the SafeDep analysis \"Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis\". Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions exploitation, and worm-like propagation affecting 25,000+ repositories. Includes IOCs, detection methods, and remediation steps.","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["4.0.3","4.0.4","4.0.5"],"campaigns":["Shai-Hulud"],"discovered_at":"2025-11-24"},{"ecosystem":"npm","name":"@postman/node-keytar","href":"/ti/packages/npm/@postman/node-keytar","description":"@postman/node-keytar is identified in the SafeDep analysis \"Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis\". Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions exploitation, and worm-like propagation affecting 25,000+ repositories. Includes IOCs, detection methods, and remediation steps.","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["7.9.1","7.9.2","7.9.4","7.9.5"],"campaigns":["Shai-Hulud"],"discovered_at":"2025-11-24"},{"ecosystem":"npm","name":"@postman/tunnel-agent","href":"/ti/packages/npm/@postman/tunnel-agent","description":"@postman/tunnel-agent is identified in the SafeDep analysis \"Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis\". Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions exploitation, and worm-like propagation affecting 25,000+ repositories. Includes IOCs, detection methods, and remediation steps.","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["0.6.5","0.6.6"],"campaigns":["Shai-Hulud"],"discovered_at":"2025-11-24"},{"ecosystem":"npm","name":"@postman/wdio-allure-reporter","href":"/ti/packages/npm/@postman/wdio-allure-reporter","description":"@postman/wdio-allure-reporter is identified in the SafeDep analysis \"Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis\". Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions exploitation, and worm-like propagation affecting 25,000+ repositories. Includes IOCs, detection methods, and remediation steps.","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["0.0.7","0.0.8"],"campaigns":["Shai-Hulud"],"discovered_at":"2025-11-24"},{"ecosystem":"npm","name":"@postman/postman-mcp-cli","href":"/ti/packages/npm/@postman/postman-mcp-cli","description":"@postman/postman-mcp-cli is identified in the SafeDep analysis \"Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis\". Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions exploitation, and worm-like propagation affecting 25,000+ repositories. Includes IOCs, detection methods, and remediation steps.","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["1.0.3","1.0.4"],"campaigns":["Shai-Hulud"],"discovered_at":"2025-11-24"},{"ecosystem":"npm","name":"@postman/mcp-ui-client","href":"/ti/packages/npm/@postman/mcp-ui-client","description":"@postman/mcp-ui-client is identified in the SafeDep analysis \"Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis\". Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions exploitation, and worm-like propagation affecting 25,000+ repositories. Includes IOCs, detection methods, and remediation steps.","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["5.5.1","5.5.2"],"campaigns":["Shai-Hulud"],"discovered_at":"2025-11-24"},{"ecosystem":"npm","name":"@postman/wdio-junit-reporter","href":"/ti/packages/npm/@postman/wdio-junit-reporter","description":"@postman/wdio-junit-reporter is identified in the SafeDep analysis \"Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis\". Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions exploitation, and worm-like propagation affecting 25,000+ repositories. Includes IOCs, detection methods, and remediation steps.","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["0.0.4","0.0.5"],"campaigns":["Shai-Hulud"],"discovered_at":"2025-11-24"},{"ecosystem":"npm","name":"@postman/pm-bin-macos-arm64","href":"/ti/packages/npm/@postman/pm-bin-macos-arm64","description":"@postman/pm-bin-macos-arm64 is identified in the SafeDep analysis \"Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis\". Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions exploitation, and worm-like propagation affecting 25,000+ repositories. Includes IOCs, detection methods, and remediation steps.","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["1.24.4","1.24.5"],"campaigns":["Shai-Hulud"],"discovered_at":"2025-11-24"},{"ecosystem":"npm","name":"@postman/pm-bin-linux-x64","href":"/ti/packages/npm/@postman/pm-bin-linux-x64","description":"@postman/pm-bin-linux-x64 is identified in the SafeDep analysis \"Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis\". Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions exploitation, and worm-like propagation affecting 25,000+ repositories. Includes IOCs, detection methods, and remediation steps.","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["1.24.4","1.24.5"],"campaigns":["Shai-Hulud"],"discovered_at":"2025-11-24"},{"ecosystem":"npm","name":"@postman/aether-icons","href":"/ti/packages/npm/@postman/aether-icons","description":"@postman/aether-icons is identified in the SafeDep analysis \"Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis\". Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals credential harvesting, GitHub Actions exploitation, and worm-like propagation affecting 25,000+ repositories. Includes IOCs, detection methods, and remediation steps.","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["2.23.3","2.23.4"],"campaigns":["Shai-Hulud"],"discovered_at":"2025-11-24"},{"ecosystem":"npm","name":"hyatt-residential-roster","href":"/ti/packages/npm/hyatt-residential-roster","description":"hyatt-residential-roster is identified in the SafeDep analysis \"Malicious npm Packages Impersonating Hyatt Internal Dependencies\". Three malicious npm packages disguised as Hyatt internal dependencies were discovered using install hooks to execute malicious payloads. All packages share identical attack patterns and infrastructure.","threat_types":["typosquat"],"versions":["999.999.999"],"campaigns":["Enterprise Dependency Confusion"],"discovered_at":"2025-10-23"},{"ecosystem":"npm","name":"hyatt-album","href":"/ti/packages/npm/hyatt-album","description":"hyatt-album is identified in the SafeDep analysis \"Malicious npm Packages Impersonating Hyatt Internal Dependencies\". Three malicious npm packages disguised as Hyatt internal dependencies were discovered using install hooks to execute malicious payloads. All packages share identical attack patterns and infrastructure.","threat_types":["typosquat"],"versions":["999.999.999"],"campaigns":["Enterprise Dependency Confusion"],"discovered_at":"2025-10-23"},{"ecosystem":"npm","name":"hyatt-avatar","href":"/ti/packages/npm/hyatt-avatar","description":"hyatt-avatar is identified in the SafeDep analysis \"Malicious npm Packages Impersonating Hyatt Internal Dependencies\". Three malicious npm packages disguised as Hyatt internal dependencies were discovered using install hooks to execute malicious payloads. All packages share identical attack patterns and infrastructure.","threat_types":["typosquat"],"versions":["999.999.999"],"campaigns":["Enterprise Dependency Confusion"],"discovered_at":"2025-10-23"},{"ecosystem":"npm","name":"@ctrl/tinycolor","href":"/ti/packages/npm/@ctrl/tinycolor","description":"@ctrl/tinycolor is identified in the SafeDep analysis \"npm Supply Chain Attack Exposes Private Repositories, AWS Credentials and More\". npm supply chain attacks continue. This time targeting @ctrl/tinycolor and multiple other packages with credential stealer malware. In this blog, we will analyze the attack and its impact on the npm ecosystem. We will also look at common attack patterns that are being used to target maintainers.","threat_types":["credential_stealer","data_exfiltration"],"versions":["4.1.1"],"campaigns":["Shai-Hulud"],"discovered_at":"2025-09-16"},{"ecosystem":"npm","name":"ansi-styles","href":"/ti/packages/npm/ansi-styles","description":"ansi-styles is identified in the SafeDep analysis \"npm Supply Chain Attack: Multiple Popular Packages Hijacked (1B+ Weekly Downloads)\". Complete analysis of sophisticated crypto wallet drainer found in 21 npm packages with over one billion weekly downloads. Includes detailed technical breakdown of 76KB malware payload disguised in has-ansi@6.0.1 and multi-stage attack architecture.","threat_types":["crypto_drainer"],"versions":["6.2.2"],"campaigns":["qix npm Account Compromise"],"discovered_at":"2025-09-08"},{"ecosystem":"npm","name":"debug","href":"/ti/packages/npm/debug","description":"debug is identified in the SafeDep analysis \"npm Supply Chain Attack: Multiple Popular Packages Hijacked (1B+ Weekly Downloads)\". Complete analysis of sophisticated crypto wallet drainer found in 21 npm packages with over one billion weekly downloads. Includes detailed technical breakdown of 76KB malware payload disguised in has-ansi@6.0.1 and multi-stage attack architecture.","threat_types":["crypto_drainer"],"versions":["4.4.2"],"campaigns":["qix npm Account Compromise"],"discovered_at":"2025-09-08"},{"ecosystem":"npm","name":"chalk","href":"/ti/packages/npm/chalk","description":"chalk is identified in the SafeDep analysis \"npm Supply Chain Attack: Multiple Popular Packages Hijacked (1B+ Weekly Downloads)\". Complete analysis of sophisticated crypto wallet drainer found in 21 npm packages with over one billion weekly downloads. Includes detailed technical breakdown of 76KB malware payload disguised in has-ansi@6.0.1 and multi-stage attack architecture.","threat_types":["crypto_drainer"],"versions":["5.6.1"],"campaigns":["qix npm Account Compromise"],"discovered_at":"2025-09-08"},{"ecosystem":"npm","name":"supports-color","href":"/ti/packages/npm/supports-color","description":"supports-color is identified in the SafeDep analysis \"npm Supply Chain Attack: Multiple Popular Packages Hijacked (1B+ Weekly Downloads)\". Complete analysis of sophisticated crypto wallet drainer found in 21 npm packages with over one billion weekly downloads. Includes detailed technical breakdown of 76KB malware payload disguised in has-ansi@6.0.1 and multi-stage attack architecture.","threat_types":["crypto_drainer"],"versions":["10.2.1"],"campaigns":["qix npm Account Compromise"],"discovered_at":"2025-09-08"},{"ecosystem":"npm","name":"strip-ansi","href":"/ti/packages/npm/strip-ansi","description":"strip-ansi is identified in the SafeDep analysis \"npm Supply Chain Attack: Multiple Popular Packages Hijacked (1B+ Weekly Downloads)\". Complete analysis of sophisticated crypto wallet drainer found in 21 npm packages with over one billion weekly downloads. Includes detailed technical breakdown of 76KB malware payload disguised in has-ansi@6.0.1 and multi-stage attack architecture.","threat_types":["crypto_drainer"],"versions":["7.1.1"],"campaigns":["qix npm Account Compromise"],"discovered_at":"2025-09-08"},{"ecosystem":"npm","name":"ansi-regex","href":"/ti/packages/npm/ansi-regex","description":"ansi-regex is identified in the SafeDep analysis \"npm Supply Chain Attack: Multiple Popular Packages Hijacked (1B+ Weekly Downloads)\". Complete analysis of sophisticated crypto wallet drainer found in 21 npm packages with over one billion weekly downloads. Includes detailed technical breakdown of 76KB malware payload disguised in has-ansi@6.0.1 and multi-stage attack architecture.","threat_types":["crypto_drainer"],"versions":["6.2.1"],"campaigns":["qix npm Account Compromise"],"discovered_at":"2025-09-08"},{"ecosystem":"npm","name":"wrap-ansi","href":"/ti/packages/npm/wrap-ansi","description":"wrap-ansi is identified in the SafeDep analysis \"npm Supply Chain Attack: Multiple Popular Packages Hijacked (1B+ Weekly Downloads)\". Complete analysis of sophisticated crypto wallet drainer found in 21 npm packages with over one billion weekly downloads. Includes detailed technical breakdown of 76KB malware payload disguised in has-ansi@6.0.1 and multi-stage attack architecture.","threat_types":["crypto_drainer"],"versions":["9.0.1"],"campaigns":["qix npm Account Compromise"],"discovered_at":"2025-09-08"},{"ecosystem":"npm","name":"color-convert","href":"/ti/packages/npm/color-convert","description":"color-convert is identified in the SafeDep analysis \"npm Supply Chain Attack: Multiple Popular Packages Hijacked (1B+ Weekly Downloads)\". Complete analysis of sophisticated crypto wallet drainer found in 21 npm packages with over one billion weekly downloads. Includes detailed technical breakdown of 76KB malware payload disguised in has-ansi@6.0.1 and multi-stage attack architecture.","threat_types":["crypto_drainer"],"versions":["3.1.1"],"campaigns":["qix npm Account Compromise"],"discovered_at":"2025-09-08"},{"ecosystem":"npm","name":"color-name","href":"/ti/packages/npm/color-name","description":"color-name is identified in the SafeDep analysis \"npm Supply Chain Attack: Multiple Popular Packages Hijacked (1B+ Weekly Downloads)\". Complete analysis of sophisticated crypto wallet drainer found in 21 npm packages with over one billion weekly downloads. Includes detailed technical breakdown of 76KB malware payload disguised in has-ansi@6.0.1 and multi-stage attack architecture.","threat_types":["crypto_drainer"],"versions":["2.0.1"],"campaigns":["qix npm Account Compromise"],"discovered_at":"2025-09-08"},{"ecosystem":"npm","name":"is-arrayish","href":"/ti/packages/npm/is-arrayish","description":"is-arrayish is identified in the SafeDep analysis \"npm Supply Chain Attack: Multiple Popular Packages Hijacked (1B+ Weekly Downloads)\". Complete analysis of sophisticated crypto wallet drainer found in 21 npm packages with over one billion weekly downloads. Includes detailed technical breakdown of 76KB malware payload disguised in has-ansi@6.0.1 and multi-stage attack architecture.","threat_types":["crypto_drainer"],"versions":["0.3.3"],"campaigns":["qix npm Account Compromise"],"discovered_at":"2025-09-08"},{"ecosystem":"npm","name":"slice-ansi","href":"/ti/packages/npm/slice-ansi","description":"slice-ansi is identified in the SafeDep analysis \"npm Supply Chain Attack: Multiple Popular Packages Hijacked (1B+ Weekly Downloads)\". Complete analysis of sophisticated crypto wallet drainer found in 21 npm packages with over one billion weekly downloads. Includes detailed technical breakdown of 76KB malware payload disguised in has-ansi@6.0.1 and multi-stage attack architecture.","threat_types":["crypto_drainer"],"versions":["7.1.1"],"campaigns":["qix npm Account Compromise"],"discovered_at":"2025-09-08"},{"ecosystem":"npm","name":"error-ex","href":"/ti/packages/npm/error-ex","description":"error-ex is identified in the SafeDep analysis \"npm Supply Chain Attack: Multiple Popular Packages Hijacked (1B+ Weekly Downloads)\". Complete analysis of sophisticated crypto wallet drainer found in 21 npm packages with over one billion weekly downloads. Includes detailed technical breakdown of 76KB malware payload disguised in has-ansi@6.0.1 and multi-stage attack architecture.","threat_types":["crypto_drainer"],"versions":["1.3.3"],"campaigns":["qix npm Account Compromise"],"discovered_at":"2025-09-08"},{"ecosystem":"npm","name":"color-string","href":"/ti/packages/npm/color-string","description":"color-string is identified in the SafeDep analysis \"npm Supply Chain Attack: Multiple Popular Packages Hijacked (1B+ Weekly Downloads)\". Complete analysis of sophisticated crypto wallet drainer found in 21 npm packages with over one billion weekly downloads. Includes detailed technical breakdown of 76KB malware payload disguised in has-ansi@6.0.1 and multi-stage attack architecture.","threat_types":["crypto_drainer"],"versions":["2.1.1"],"campaigns":["qix npm Account Compromise"],"discovered_at":"2025-09-08"},{"ecosystem":"npm","name":"simple-swizzle","href":"/ti/packages/npm/simple-swizzle","description":"simple-swizzle is identified in the SafeDep analysis \"npm Supply Chain Attack: Multiple Popular Packages Hijacked (1B+ Weekly Downloads)\". Complete analysis of sophisticated crypto wallet drainer found in 21 npm packages with over one billion weekly downloads. Includes detailed technical breakdown of 76KB malware payload disguised in has-ansi@6.0.1 and multi-stage attack architecture.","threat_types":["crypto_drainer"],"versions":["0.2.3"],"campaigns":["qix npm Account Compromise"],"discovered_at":"2025-09-08"},{"ecosystem":"npm","name":"supports-hyperlinks","href":"/ti/packages/npm/supports-hyperlinks","description":"supports-hyperlinks is identified in the SafeDep analysis \"npm Supply Chain Attack: Multiple Popular Packages Hijacked (1B+ Weekly Downloads)\". Complete analysis of sophisticated crypto wallet drainer found in 21 npm packages with over one billion weekly downloads. Includes detailed technical breakdown of 76KB malware payload disguised in has-ansi@6.0.1 and multi-stage attack architecture.","threat_types":["crypto_drainer"],"versions":["4.1.1"],"campaigns":["qix npm Account Compromise"],"discovered_at":"2025-09-08"},{"ecosystem":"npm","name":"has-ansi","href":"/ti/packages/npm/has-ansi","description":"has-ansi is identified in the SafeDep analysis \"npm Supply Chain Attack: Multiple Popular Packages Hijacked (1B+ Weekly Downloads)\". Complete analysis of sophisticated crypto wallet drainer found in 21 npm packages with over one billion weekly downloads. Includes detailed technical breakdown of 76KB malware payload disguised in has-ansi@6.0.1 and multi-stage attack architecture.","threat_types":["crypto_drainer"],"versions":["6.0.1"],"campaigns":["qix npm Account Compromise"],"discovered_at":"2025-09-08"},{"ecosystem":"npm","name":"chalk-template","href":"/ti/packages/npm/chalk-template","description":"chalk-template is identified in the SafeDep analysis \"npm Supply Chain Attack: Multiple Popular Packages Hijacked (1B+ Weekly Downloads)\". Complete analysis of sophisticated crypto wallet drainer found in 21 npm packages with over one billion weekly downloads. Includes detailed technical breakdown of 76KB malware payload disguised in has-ansi@6.0.1 and multi-stage attack architecture.","threat_types":["crypto_drainer"],"versions":["1.1.1"],"campaigns":["qix npm Account Compromise"],"discovered_at":"2025-09-08"},{"ecosystem":"npm","name":"backslash","href":"/ti/packages/npm/backslash","description":"backslash is identified in the SafeDep analysis \"npm Supply Chain Attack: Multiple Popular Packages Hijacked (1B+ Weekly Downloads)\". Complete analysis of sophisticated crypto wallet drainer found in 21 npm packages with over one billion weekly downloads. Includes detailed technical breakdown of 76KB malware payload disguised in has-ansi@6.0.1 and multi-stage attack architecture.","threat_types":["crypto_drainer"],"versions":["0.2.1"],"campaigns":["qix npm Account Compromise"],"discovered_at":"2025-09-08"},{"ecosystem":"npm","name":"nx","href":"/ti/packages/npm/nx","description":"nx is identified in the SafeDep analysis \"nx Build System Compromised Targeting Linux and MacOS developers\". The popular npm package `nx` was compromised, targeting Linux and macOS developers. Malicious versions included a postinstall script that stole credentials, exfiltrated sensitive files, and added destructive commands to shell configs, causing system shutdowns and data leaks.","threat_types":["credential_stealer","data_exfiltration","wiper"],"versions":["21.5.0"],"campaigns":["s1ngularity nx Build System Compromise"],"discovered_at":"2025-08-27"},{"ecosystem":"npm","name":"@nx/js","href":"/ti/packages/npm/@nx/js","description":"@nx/js is identified in the SafeDep analysis \"nx Build System Compromised Targeting Linux and MacOS developers\". The popular npm package `nx` was compromised, targeting Linux and macOS developers. Malicious versions included a postinstall script that stole credentials, exfiltrated sensitive files, and added destructive commands to shell configs, causing system shutdowns and data leaks.","threat_types":["credential_stealer","data_exfiltration","wiper"],"versions":["20.9.0"],"campaigns":["s1ngularity nx Build System Compromise"],"discovered_at":"2025-08-27"},{"ecosystem":"npm","name":"tensorflowjs","href":"/ti/packages/npm/tensorflowjs","description":"tensorflowjs is identified in the SafeDep analysis \"TensorFlow.js Typosquatting Attack: Malicious Package Targeting AI/ML Developers\". A malicious NPM package targeting TensorFlow users was discovered on npm. The package uses typosquatting to target the popular `tensorflow` package.","threat_types":["typosquat"],"versions":["1.0.0"],"campaigns":["No Specific Campaign"],"discovered_at":"2025-08-12"},{"ecosystem":"pypi","name":"bitensor","href":"/ti/packages/pypi/bitensor","description":"bitensor is identified in the SafeDep analysis \"Multiple Malicious Python Packages Targeting Bittensor Crypto Developers\". Multiple malicious Python packages targeting crypto developers and their applications using typosquatting were discovered on PyPI. The packages were used to steal funds by executing a stealthy staking operation.","threat_types":["credential_stealer","data_exfiltration","rat","persistence","crypto_drainer","typosquat"],"versions":["9.9.4","9.9.5"],"campaigns":["Bittensor Typosquat Campaign"],"discovered_at":"2025-08-12"},{"ecosystem":"pypi","name":"bittenso-cli","href":"/ti/packages/pypi/bittenso-cli","description":"bittenso-cli is identified in the SafeDep analysis \"Multiple Malicious Python Packages Targeting Bittensor Crypto Developers\". Multiple malicious Python packages targeting crypto developers and their applications using typosquatting were discovered on PyPI. The packages were used to steal funds by executing a stealthy staking operation.","threat_types":["credential_stealer","data_exfiltration","rat","persistence","crypto_drainer","typosquat"],"versions":["9.9.4"],"campaigns":["Bittensor Typosquat Campaign"],"discovered_at":"2025-08-12"},{"ecosystem":"pypi","name":"qbittensor","href":"/ti/packages/pypi/qbittensor","description":"qbittensor is identified in the SafeDep analysis \"Multiple Malicious Python Packages Targeting Bittensor Crypto Developers\". Multiple malicious Python packages targeting crypto developers and their applications using typosquatting were discovered on PyPI. The packages were used to steal funds by executing a stealthy staking operation.","threat_types":["credential_stealer","data_exfiltration","rat","persistence","crypto_drainer","typosquat"],"versions":["9.9.4"],"campaigns":["Bittensor Typosquat Campaign"],"discovered_at":"2025-08-12"},{"ecosystem":"pypi","name":"bittenso","href":"/ti/packages/pypi/bittenso","description":"bittenso is identified in the SafeDep analysis \"Multiple Malicious Python Packages Targeting Bittensor Crypto Developers\". Multiple malicious Python packages targeting crypto developers and their applications using typosquatting were discovered on PyPI. The packages were used to steal funds by executing a stealthy staking operation.","threat_types":["credential_stealer","data_exfiltration","rat","persistence","crypto_drainer","typosquat"],"versions":["9.9.5"],"campaigns":["Bittensor Typosquat Campaign"],"discovered_at":"2025-08-12"},{"ecosystem":"npm","name":"eslint-config-prettier","href":"/ti/packages/npm/eslint-config-prettier","description":"eslint-config-prettier is identified in the SafeDep analysis \"eslint-config-prettier Compromised: How npm Package with 30 Million Downloads Spread Malware\". A supply chain attack exploiting eslint-config-prettier and other popular npm packages were discovered with major supply chain impact. In this blog, we will explore the details of the hack and the impact it had on the npm ecosystem.","threat_types":["other"],"versions":["8.10.1","9.1.1","10.1.6","10.1.7"],"campaigns":["eslint-config-prettier Compromise"],"discovered_at":"2025-07-21"},{"ecosystem":"npm","name":"eslint-plugin-prettier","href":"/ti/packages/npm/eslint-plugin-prettier","description":"eslint-plugin-prettier is identified in the SafeDep analysis \"eslint-config-prettier Compromised: How npm Package with 30 Million Downloads Spread Malware\". A supply chain attack exploiting eslint-config-prettier and other popular npm packages were discovered with major supply chain impact. In this blog, we will explore the details of the hack and the impact it had on the npm ecosystem.","threat_types":["other"],"versions":["4.2.2","4.2.3"],"campaigns":["eslint-config-prettier Compromise"],"discovered_at":"2025-07-21"},{"ecosystem":"npm","name":"snyckit","href":"/ti/packages/npm/snyckit","description":"snyckit is identified in the SafeDep analysis \"eslint-config-prettier Compromised: How npm Package with 30 Million Downloads Spread Malware\". A supply chain attack exploiting eslint-config-prettier and other popular npm packages were discovered with major supply chain impact. In this blog, we will explore the details of the hack and the impact it had on the npm ecosystem.","threat_types":["other"],"versions":["0.11.9"],"campaigns":["eslint-config-prettier Compromise"],"discovered_at":"2025-07-21"},{"ecosystem":"npm","name":"@pkgr/core","href":"/ti/packages/npm/@pkgr/core","description":"@pkgr/core is identified in the SafeDep analysis \"eslint-config-prettier Compromised: How npm Package with 30 Million Downloads Spread Malware\". A supply chain attack exploiting eslint-config-prettier and other popular npm packages were discovered with major supply chain impact. In this blog, we will explore the details of the hack and the impact it had on the npm ecosystem.","threat_types":["other"],"versions":["0.2.8"],"campaigns":["eslint-config-prettier Compromise"],"discovered_at":"2025-07-21"},{"ecosystem":"npm","name":"napi-postinstall","href":"/ti/packages/npm/napi-postinstall","description":"napi-postinstall is identified in the SafeDep analysis \"eslint-config-prettier Compromised: How npm Package with 30 Million Downloads Spread Malware\". A supply chain attack exploiting eslint-config-prettier and other popular npm packages were discovered with major supply chain impact. In this blog, we will explore the details of the hack and the impact it had on the npm ecosystem.","threat_types":["other"],"versions":["0.3.1"],"campaigns":["eslint-config-prettier Compromise"],"discovered_at":"2025-07-21"},{"ecosystem":"npm","name":"express-cookie-parser","href":"/ti/packages/npm/express-cookie-parser","description":"express-cookie-parser is identified in the SafeDep analysis \"Malicious npm Package Impersonating Popular Express Cookie Parser\". A malicious npm package impersonating the popular Express cookie parser package was discovered by SafeDep Cloud malicious package scanning service.","threat_types":["typosquat"],"versions":["1.0.0"],"campaigns":["No Specific Campaign"],"discovered_at":"2025-04-23"},{"ecosystem":"npm","name":"slf4j-api-js","href":"/ti/packages/npm/slf4j-api-js","description":"slf4j-api-js is identified in the SafeDep analysis \"Malicious npm Package Impersonating Java SLF4J\". A malicious npm package impersonating the popular Java logging framework SLF4J is discovered by SafeDep Cloud malicious package scanning service.","threat_types":["typosquat"],"versions":["1.0.0"],"campaigns":["No Specific Campaign"],"discovered_at":"2025-04-21"},{"ecosystem":"npm","name":"nyc-config","href":"/ti/packages/npm/nyc-config","description":"nyc-config is identified in the SafeDep analysis \"Typosquatt alert ! Malicious npm Package: nyc-config\". Possible typosquatting against @istanbuljs/load-nyc-config with ~25M weekly downloads.","threat_types":["typosquat"],"versions":["1.0.0"],"campaigns":["No Specific Campaign"],"discovered_at":"2025-03-13"},{"ecosystem":"npm","name":"chrome-api-utils","href":"/ti/packages/npm/chrome-api-utils","description":"chrome-api-utils is identified in the SafeDep analysis \"Malicious npm Packages using Burp Collaborator for Dependency Confusion Attack\". Multiple npm packages impersonating popular package names were published to the npm registry including by a Snyk researcher apparently targeting internal packages at Cursor AI.","threat_types":["rat","persistence","dependency_confusion","typosquat"],"versions":["1.1.0"],"campaigns":["Enterprise Dependency Confusion"],"discovered_at":"2025-01-16"},{"ecosystem":"npm","name":"grafana-sentry-datasource","href":"/ti/packages/npm/grafana-sentry-datasource","description":"grafana-sentry-datasource is identified in the SafeDep analysis \"Malicious npm Packages using Burp Collaborator for Dependency Confusion Attack\". Multiple npm packages impersonating popular package names were published to the npm registry including by a Snyk researcher apparently targeting internal packages at Cursor AI.","threat_types":["rat","persistence","dependency_confusion","typosquat"],"versions":["1.0.4"],"campaigns":["Enterprise Dependency Confusion"],"discovered_at":"2025-01-16"},{"ecosystem":"npm","name":"@patternfly-v5/patternfly","href":"/ti/packages/npm/@patternfly-v5/patternfly","description":"@patternfly-v5/patternfly is identified in the SafeDep analysis \"Malicious npm Packages using Burp Collaborator for Dependency Confusion Attack\". Multiple npm packages impersonating popular package names were published to the npm registry including by a Snyk researcher apparently targeting internal packages at Cursor AI.","threat_types":["rat","persistence","dependency_confusion","typosquat"],"versions":["1.0.2"],"campaigns":["Enterprise Dependency Confusion"],"discovered_at":"2025-01-16"},{"ecosystem":"npm","name":"electron-builder-13","href":"/ti/packages/npm/electron-builder-13","description":"electron-builder-13 is identified in the SafeDep analysis \"Malicious npm Packages using Burp Collaborator for Dependency Confusion Attack\". Multiple npm packages impersonating popular package names were published to the npm registry including by a Snyk researcher apparently targeting internal packages at Cursor AI.","threat_types":["rat","persistence","dependency_confusion","typosquat"],"versions":["13.4.5"],"campaigns":["Enterprise Dependency Confusion"],"discovered_at":"2025-01-16"},{"ecosystem":"npm","name":"graphql.vscode-graphql-syntax","href":"/ti/packages/npm/graphql.vscode-graphql-syntax","description":"graphql.vscode-graphql-syntax is identified in the SafeDep analysis \"Malicious npm Packages using Burp Collaborator for Dependency Confusion Attack\". Multiple npm packages impersonating popular package names were published to the npm registry including by a Snyk researcher apparently targeting internal packages at Cursor AI.","threat_types":["rat","persistence","dependency_confusion","typosquat"],"versions":["99.99.99"],"campaigns":["Enterprise Dependency Confusion"],"discovered_at":"2025-01-16"},{"ecosystem":"npm","name":"mattermost-cloudnative-bootstrapper","href":"/ti/packages/npm/mattermost-cloudnative-bootstrapper","description":"mattermost-cloudnative-bootstrapper is identified in the SafeDep analysis \"Malicious npm Packages using Burp Collaborator for Dependency Confusion Attack\". Multiple npm packages impersonating popular package names were published to the npm registry including by a Snyk researcher apparently targeting internal packages at Cursor AI.","threat_types":["rat","persistence","dependency_confusion","typosquat"],"versions":["1.0.0"],"campaigns":["Enterprise Dependency Confusion"],"discovered_at":"2025-01-16"},{"ecosystem":"npm","name":"themes-vendor","href":"/ti/packages/npm/themes-vendor","description":"themes-vendor is identified in the SafeDep analysis \"npm - The Playground for Malicious Packages\". Multiple npm packages impersonating popular package names are being used to distribute malware. We take a closer look at the campaign.","threat_types":["typosquat"],"versions":["0.0.1","0.0.0"],"campaigns":["No Specific Campaign"],"discovered_at":"2024-12-11"},{"ecosystem":"npm","name":"x509-escaping","href":"/ti/packages/npm/x509-escaping","description":"x509-escaping is identified in the SafeDep analysis \"npm - The Playground for Malicious Packages\". Multiple npm packages impersonating popular package names are being used to distribute malware. We take a closer look at the campaign.","threat_types":["typosquat"],"versions":["0.0.1","0.0.0"],"campaigns":["No Specific Campaign"],"discovered_at":"2024-12-11"},{"ecosystem":"npm","name":"keycloak-server","href":"/ti/packages/npm/keycloak-server","description":"keycloak-server is identified in the SafeDep analysis \"npm - The Playground for Malicious Packages\". Multiple npm packages impersonating popular package names are being used to distribute malware. We take a closer look at the campaign.","threat_types":["typosquat"],"versions":["0.0.1","0.0.3"],"campaigns":["No Specific Campaign"],"discovered_at":"2024-12-11"},{"ecosystem":"npm","name":"module-stub","href":"/ti/packages/npm/module-stub","description":"module-stub is identified in the SafeDep analysis \"npm - The Playground for Malicious Packages\". Multiple npm packages impersonating popular package names are being used to distribute malware. We take a closer look at the campaign.","threat_types":["typosquat"],"versions":["0.0.1"],"campaigns":["No Specific Campaign"],"discovered_at":"2024-12-11"},{"ecosystem":"npm","name":"postject-copy","href":"/ti/packages/npm/postject-copy","description":"postject-copy is identified in the SafeDep analysis \"npm - The Playground for Malicious Packages\". Multiple npm packages impersonating popular package names are being used to distribute malware. We take a closer look at the campaign.","threat_types":["typosquat"],"versions":["0.0.0"],"campaigns":["No Specific Campaign"],"discovered_at":"2024-12-11"},{"ecosystem":"npm","name":"micrometer-docs","href":"/ti/packages/npm/micrometer-docs","description":"micrometer-docs is identified in the SafeDep analysis \"npm - The Playground for Malicious Packages\". Multiple npm packages impersonating popular package names are being used to distribute malware. We take a closer look at the campaign.","threat_types":["typosquat"],"versions":["0.0.3"],"campaigns":["No Specific Campaign"],"discovered_at":"2024-12-11"},{"ecosystem":"npm","name":"orbit-playroom","href":"/ti/packages/npm/orbit-playroom","description":"orbit-playroom is identified in the SafeDep analysis \"npm - The Playground for Malicious Packages\". Multiple npm packages impersonating popular package names are being used to distribute malware. We take a closer look at the campaign.","threat_types":["typosquat"],"versions":["0.0.0"],"campaigns":["No Specific Campaign"],"discovered_at":"2024-12-11"},{"ecosystem":"npm","name":"weekendfe","href":"/ti/packages/npm/weekendfe","description":"weekendfe is identified in the SafeDep analysis \"npm - The Playground for Malicious Packages\". Multiple npm packages impersonating popular package names are being used to distribute malware. We take a closer look at the campaign.","threat_types":["typosquat"],"versions":["0.0.1"],"campaigns":["No Specific Campaign"],"discovered_at":"2024-12-11"},{"ecosystem":"npm","name":"llm-oracle","href":"/ti/packages/npm/llm-oracle","description":"llm-oracle is identified in the SafeDep analysis \"Malicious Open Source Library Analysis: llm-oracle and its Payload\". Malware hidden in open source library packages are real. In this article, we analyse the malicious npm package llm-oracle.","threat_types":["other"],"versions":["1.0.2"],"campaigns":["No Specific Campaign"],"discovered_at":"2024-11-04"},{"ecosystem":"npm","name":"redis-oracle","href":"/ti/packages/npm/redis-oracle","description":"redis-oracle is identified in the SafeDep analysis \"Malicious Open Source Library Analysis: llm-oracle and its Payload\". Malware hidden in open source library packages are real. In this article, we analyse the malicious npm package llm-oracle.","threat_types":["other"],"versions":["0.0.0"],"campaigns":["No Specific Campaign"],"discovered_at":"2024-11-04"}]