{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreidp7iewwhiage3v225iwy2awpqfac46mczvxtpqwadqg2oto4hw6m",
    "uri": "at://did:plc:ghkvexthfanuyq7fb5veq6tw/app.bsky.feed.post/3mm6xgzxzc3c2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreiffdtkjmoxsrd4eypekqexbnzpznpifsnkhd2fkk5c4eti57zzmqi"
    },
    "mimeType": "image/jpeg",
    "size": 571264
  },
  "path": "/2026/05/mini-shai-hulud-pushes-malicious-antv.html",
  "publishedAt": "2026-05-19T04:54:17.000Z",
  "site": "https://thehackernews.com",
  "tags": [
    "@antv"
  ],
  "textContent": "Cybersecurity researchers have discovered a fresh software supply chain attack campaign that has compromised various npm packages associated with the @antv ecosystem as part of the ongoing Mini Shai-Hulud attack wave.\n\n\"The attack affects packages tied to the npm maintainer account atool, including echarts-for-react, a widely used React wrapper for Apache ECharts with roughly 1.1 million weekly",
  "title": "Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account"
}