On May 19, 2026, the Mini Shai-Hulud supply chain worm, which was first seen targeting TanStack packages on May 11, returned with its largest campaign yet. The compromised npm account
atool was used to publish more than 600 malicious versions across 300+ packages spanning Alibaba's AntV data visualization suite,
echarts-for-react, timeago.js (1.5 million weekly downloads), jest-canvas-mock, jest-date-mock and dozens of supporting utilities. All packages were poisoned in two coordinated waves within ten minutes of each other.
This is not a conventional package compromise. The Shai-Hulud worm reads GitHub Actions runner memory to extract masked CI/CD secrets in plaintext, sweeps over 130 credential file paths on the host filesystem, and exfiltrates everything it finds through two channels simultaneously. It then uses stolen tokens to spread itself. Over 2,500 public GitHub repositories have already been created using exfiltrated credentials, each stamped with the campaign marker "niagA oG eW ereH :duluH-iahS" ("Shai-Hulud: Here We Go Again" in reverse). The blast radius is visible in real time.
Full technical analysis is available in StepSecurity's write-up.
If you installed any affected package, assume all secrets accessible in that environment are compromised. Rotate all credentials immediately.
Attack Overview & Affected Packages
The attack exploits CI/CD pipelines as both its target and its propagation mechanism. Two distinct delivery patterns were used; both execute the same payload and differ only in how it is triggered during npm install.
The following packages and versions are confirmed malicious. Do not install or upgrade to these versions:

| Package | Malicious versions |
| --- | --- |
| timeago.js | 4.1.2, 4.2.2 |
| timeago-react | 3.1.7, 3.2.7 |
| echarts-for-react | 3.0.7, 3.1.7, 3.2.7 |
| jest-canvas-mock | 2.5.3, 2.6.3, 2.7.3 |
| jest-date-mock | 1.0.11, 1.1.11, 1.2.11 |
| size-sensor | 1.0.4, 1.1.4, 1.2.4 |
| canvas-nest.js | 2.1.4, 2.2.4 |
| mcp-echarts | 0.8.1, 0.9.1 |
| mcp-mermaid | 0.5.1, 0.6.1 |
| @antv/g2 | 5.5.8, 5.6.8 |
| @antv/g2plot | 2.5.35, 2.6.35 |
| @antv/g6 | 5.2.1, 5.3.1 |
| @antv/g6-core | 0.9.24, 0.10.24 |
| @antv/g6-element | 0.9.25, 0.10.25 |
| @antv/g6-extension-react | 0.3.7, 0.4.7 |
| @antv/g | 6.4.1, 6.5.1 |
| @antv/g-lite | 2.8.0, 2.9.0 |
| @antv/g-canvas | 2.3.0, 2.4.0 |
| @antv/g-webgl | 2.2.1, 2.3.1 |
| @antv/g-svg | 2.2.1, 2.3.1 |
| @antv/l7 | 2.26.10, 2.27.10 |
| @antv/l7-react | 2.5.3, 2.6.3 |
| @antv/l7plot | 0.6.11, 0.7.11 |
| @antv/x6 | 3.2.7, 3.3.7 |
| @antv/x6-react-shape | 3.1.1, 3.2.1 |
| @antv/x6-vue-shape | 3.1.2, 3.2.2 |
| @antv/s2 | 2.8.1, 2.9.1 |
| @antv/s2-react | 2.4.1, 2.5.1 |
| @antv/graphlib | 2.1.4, 2.2.4 |
| @antv/graphin | 3.1.5, 3.2.5 |
| @antv/ava | 3.5.1, 3.6.1 |
| @antv/util | 3.4.11, 3.5.11 |
| @antv/data-set | 0.12.8, 0.13.8 |
| @antv/coord | 0.5.7, 0.6.7 |
| @antv/layout-gpu | 1.2.7, 1.3.7 |
| @antv/layout-wasm | 1.5.2, 1.6.2 |
| @antv/f2 | 5.15.0, 5.16.0 |
| @antv/f-engine | 1.11.0, 1.12.0 |
| @antv/gpt-vis | 1.1.0, 1.2.0 |
| @antv/mcp-server-antv | 0.2.8, 0.3.8 |
| @antv/mcp-server-chart | 0.10.10, 0.11.10 |
| @lint-md/cli | 2.1.0, 2.2.0 |
| @lint-md/core | 2.1.0, 2.2.0 |

This is a partial list. See the StepSecurity OSS Package Security Feed for the complete and up-to-date list of all 300+ affected packages and versions.
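A quick way to check a project against the versions above, independent of any vendor tooling, is to walk the lockfile's `packages` map and flag exact matches, including nested (transitive) copies. The block below is an added example, not Arnica's or StepSecurity's code; the `AFFECTED` map holds only a subset of the list above (load the full feed for a real scan) and the sample lockfile is constructed.

```javascript
// Subset of the confirmed-malicious versions listed above (package -> versions).
// Load the complete StepSecurity feed here for a production scan.
const AFFECTED = {
  "timeago.js": ["4.1.2", "4.2.2"],
  "timeago-react": ["3.1.7", "3.2.7"],
  "echarts-for-react": ["3.0.7", "3.1.7", "3.2.7"],
  "jest-canvas-mock": ["2.5.3", "2.6.3", "2.7.3"],
  "jest-date-mock": ["1.0.11", "1.1.11", "1.2.11"],
  "@antv/g2": ["5.5.8", "5.6.8"],
  "@antv/g6": ["5.2.1", "5.3.1"],
  "@antv/util": ["3.4.11", "3.5.11"],
};

// Keys in a lockfileVersion 2/3 "packages" map look like "node_modules/@antv/g2"
// or "node_modules/foo/node_modules/@antv/util" for a nested transitive copy.
// The package name is everything after the last "node_modules/".
function packageNameFromKey(key) {
  const marker = "node_modules/";
  const idx = key.lastIndexOf(marker);
  return idx === -1 ? null : key.slice(idx + marker.length);
}

// Returns every lockfile entry whose exact (name, version) pair is on the
// affected list, with its install path so transitive hits are attributable.
function findAffected(lockfile, affected = AFFECTED) {
  const hits = [];
  for (const [key, entry] of Object.entries(lockfile.packages || {})) {
    const name = packageNameFromKey(key);
    if (name && (affected[name] || []).includes(entry.version)) {
      hits.push({ path: key, name, version: entry.version });
    }
  }
  return hits;
}

// Convenience wrapper: pass the raw text of package-lock.json.
function scanLockfileText(text, affected = AFFECTED) {
  return findAffected(JSON.parse(text), affected);
}

// Constructed sample lockfile: one direct hit, one transitive hit, one clean
// (unlisted) version of an affected package, and one unrelated package.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/echarts-for-react": { version: "3.1.7" },
    "node_modules/react": { version: "18.3.1" },
    "node_modules/@antv/g2": { version: "5.2.10" },
    "node_modules/some-chart-lib/node_modules/@antv/util": { version: "3.4.11" },
  },
};
```

Any hit means the environment that ran `npm install` on that lockfile should be treated as compromised and its secrets rotated, as the page advises; an empty result is not proof of safety, because a pipeline may have installed an affected version without it being pinned in the current lockfile.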
How to Check with Arnica
Arnica customers can search their SBOM for impacted AntV and related packages directly from the platform. We have added the Shai-Hulud AntV campaign to Arnica's Supply Chain Attack database, allowing you to identify all affected package versions across your entire codebase instantly, including transitive dependencies and container images.
To find affected packages in your SBOM:
- Navigate to the SBOM view in Arnica.
- Use the advanced search filter and select "@antv npm Packages Compromised (Mini Shai-Hulud)(May 2026)" from the dropdown.
- Arnica will surface every repository and container image in your organization that references an affected version, across all connected SCM platforms.

Because the Shai-Hulud worm uses stolen CI/CD tokens to publish additional poisoned packages from compromised accounts, it is especially important to search broadly, not just for the known affected packages, but also for any internal packages your pipelines may have published after running npm install on a compromised version. Arnica's SBOM coverage across both source repositories and container images helps you close that gap quickly.
Recommended Actions
Finding no impacted versions in your SBOM is a strong signal, but not sufficient on its own. This campaign is the largest coordinated npm supply chain attack on record. It compromises packages that are staples of React, data visualization, mapping, testing, and enterprise data platform stacks. The worm specifically targets CI/CD pipelines and exploits the trust your pipelines place in their own build processes.
This worm reads GitHub Actions runner memory to extract masked secrets, which means that any pipeline that ran npm install with an affected package during the May 19 UTC window may have had credentials exfiltrated even if no malicious version appears in your lockfile. Any developer who ran npm install locally with an affected package is also at risk.
- Rotate secrets proactively for any developer machine or pipeline that may have installed an affected package. Do not wait for confirmation. The Runner.Worker memory scraper captures every secret, including masked ones, and exfiltration has been confirmed active.
- Audit your organization's npm publish activity continuously. Unexpected releases from your own npm account are the clearest downstream signal that the worm has used your tokens. Arnica's SBOM and package reputation monitoring surfaces anomalous publish activity across your connected repositories as it happens.
- Use Arnica DepsGuard to block install-time risk before it reaches your pipeline. DepsGuard evaluates every dependency update against Arnica's real-time threat intelligence, flagging newly published packages, suspicious version bumps, and packages matching known worm delivery patterns before the install ever runs. Both delivery mechanisms used in this campaign would have been surfaced as high-risk before a single secret could be exfiltrated.
Arnica customers have the visibility needed to identify exposure to this campaign today. If you're not yet an Arnica customer and want to check whether your organization is affected, get started with Arnica for free.