{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreibsug6patim3vvj55pzsfleq2wkxcj7lwexocczoqzcbplb6orexy",
    "uri": "at://did:plc:avkh7zze5iapdkk6naaunrjn/app.bsky.feed.post/3mmallnllo6w2"
  },
  "path": "/260519/p62#a260519p62",
  "publishedAt": "2026-05-19T22:20:00.000Z",
  "site": "https://www.techmeme.com",
  "tags": [
    "BleepingComputer",
    "Threat actors published 600+ malicious versions to npm as part of the Shai-Hulud supply chain campaign; most of the affected packages are in the @antv ecosystem"
  ],
  "textContent": "Bill Toulas / BleepingComputer:\n**Threat actors published 600+ malicious versions to npm as part of the Shai-Hulud supply chain campaign; most of the affected packages are in the @antv ecosystem** — Threat actors earlier today published more than 600 malicious packages to the Node Package Manager (npm) index as part of a new Shai-Hulud supply-chain campaign.",
  "title": "Threat actors published 600+ malicious versions to npm as part of the Shai-Hulud supply chain campaign; most of the affected packages are in the @antv ecosystem (Bill Toulas/BleepingComputer)"
}