Popular JavaScript modules including size-sensor and echarts-for-react hit as hijacked account closed GitHub warnings
Cyber-crime
Popular JavaScript modules including size-sensor and echarts-for-react hit as hijacked account closed GitHub warnings
An npm account compromise infected 314 npm packages with malware, including size-sensor, echarts-for-react, timeago.js,
and packages scoped to @antv, in a 22-minute burst of activity in the early hours of Tuesday morning.The most popular impacted package is size-sensor, downloaded
4.2 million times per month, followed by echarts-for-react (3.8 million), @antv/scale
Threat actors earlier today published more than 600 malicious packages to the Node Package Manager (npm) index as part of a new…
A fresh Mini Shai-Hulud supply chain attack has hit over 320 NPM packages, along with GitHub Actions and a VS Code extension.
Mini Shai-Hulud hits @antv and echarts-for-react via npm maintainer compromise, exposing 1.1M weekly downloads to credential…
A self-replicating worm that hijacks GitHub Actions pipelines to publish malicious npm packages has struck again, compromising…
4 malicious npm packages with 3,006 downloads spread stealers and Phantom Bot, forcing removals and secret rotation.
The Shai-Hulud malware leaked last week is now used in new attacks on the Node Package Manager (npm) index, as infected packages…
