Executive Summary
In May 2026, a supply chain attack targeted the @antv npm package ecosystem. A threat actor compromised an @antv maintainer account, publishing malicious versions of popular data-visualization packages. This led to widespread impact, as the malicious code propagated through dependencies like echarts-for-react, affecting CI/CD pipelines and cloud workloads. The payload, a 499 KB obfuscated JavaScript file, executed silently during npm install, aiming to steal credentials from GitHub Actions environments. Key features included multi-platform credential theft, process memory scraping, privilege escalation, dual-channel data exfiltration, and SLSA provenance forgery, indicating a sophisticated focus on CI/CD environments.
This incident underscores the escalating threat of supply chain attacks, particularly targeting CI/CD environments. The attack's sophistication, including SLSA provenance forgery, highlights the need for enhanced security measures in software development pipelines to prevent unauthorized access and data breaches.
Why This Matters Now
The increasing frequency and sophistication of supply chain attacks, as demonstrated by the @antv incident, pose significant risks to software development and deployment processes. Organizations must prioritize securing their CI/CD pipelines and implement robust monitoring to detect and mitigate such threats promptly.
Attack Path Analysis
The attack began with the compromise of the @antv maintainer account, leading to the publication of malicious npm package versions. These packages, when installed, executed obfuscated scripts that harvested credentials from CI/CD environments. The stolen credentials facilitated unauthorized access to various cloud services and repositories, enabling further lateral movement. The attackers established command and control channels to exfiltrate the harvested data. The exfiltrated credentials were used to create rogue repositories and potentially compromise additional systems. The widespread distribution of compromised packages led to significant trust erosion in the npm ecosystem and potential downstream impacts on numerous projects.
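As an added defender-side example (not code from the advisory or from the @antv project), two Node.js checks for the install-time execution path described above: findInstallHooks flags dependency manifests that declare npm install lifecycle hooks, and listScopedPackages enumerates every installed copy of a scope from a package-lock.json v2/v3. All package names, versions and the lockfile fragment are constructed placeholders, including the nesting under echarts-for-react.

```javascript
// Added example, not from the advisory or the @antv project. Inputs are
// constructed; real use reads node_modules/**/package.json and package-lock.json.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Flag manifests declaring an install-time hook. "high" when the package is in a
// scope under review or the hook runs a JS file directly; otherwise "review"
// (native build steps such as node-gyp are common and need a human look).
function findInstallHooks(manifests, watchScopes = []) {
  const findings = [];
  for (const m of manifests) {
    const scripts = m.scripts || {};
    const scope = m.name.startsWith("@") ? m.name.split("/")[0] : null;
    for (const hook of INSTALL_HOOKS) {
      if (!(hook in scripts)) continue;
      const runsJsFile = /\bnode\s+\S+\.[cm]?js\b/.test(scripts[hook]);
      const watched = scope !== null && watchScopes.includes(scope);
      findings.push({ name: m.name, version: m.version, hook, command: scripts[hook],
        severity: watched || runsJsFile ? "high" : "review" });
    }
  }
  return findings;
}

// Enumerate exposure from a lockfile (v2/v3): every installed copy of a package in
// the scope, including transitive copies nested under other dependencies. npm sets
// "hasInstallScript": true on entries whose package declares install hooks.
function listScopedPackages(lock, scope) {
  const out = [];
  for (const [p, meta] of Object.entries(lock.packages || {})) {
    const idx = p.lastIndexOf("node_modules/");
    if (idx === -1) continue;
    const name = p.slice(idx + "node_modules/".length);
    if (!name.startsWith(scope + "/")) continue;
    out.push({ path: p, name, version: meta.version, hasInstallScript: meta.hasInstallScript === true });
  }
  return out;
}

// Constructed sample data: placeholder package names and versions, not real releases.
const SAMPLE_MANIFESTS = [
  { name: "plain-lib", version: "1.2.3", scripts: { test: "jest" } },
  { name: "@antv/placeholder-pkg", version: "0.0.0-placeholder", scripts: { postinstall: "node setup.js" } },
  { name: "native-addon", version: "2.0.0", scripts: { install: "node-gyp rebuild" } },
];
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "": { name: "app", version: "1.0.0" },
  "node_modules/@antv/placeholder-pkg": { version: "0.0.0-placeholder", hasInstallScript: true },
  "node_modules/echarts-for-react": { version: "0.0.0-placeholder" },
  "node_modules/echarts-for-react/node_modules/@antv/nested-placeholder": { version: "0.0.0-placeholder" },
} };
console.log(findInstallHooks(SAMPLE_MANIFESTS, ["@antv"]), listScopedPackages(SAMPLE_LOCK, "@antv"));
```

Running the scoped-package check against the real lockfile of each repository is the quickest way to answer "are we exposed", and setting `ignore-scripts=true` in CI .npmrc prevents the hooks it flags from running at all.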
Kill Chain Progression
Initial Compromise
Description
The attackers compromised the @antv maintainer account and published malicious versions of npm packages.
MITRE ATT&CK® Techniques
Supply Chain Compromise: Compromise Software Dependencies and Development Tools
Command and Scripting Interpreter: JavaScript
Unsecured Credentials: Credentials in Files
Unsecured Credentials: Container API
Valid Accounts: Cloud Accounts
Valid Accounts: Application Accounts
Impair Defenses: Disable or Modify Tools
Exfiltration Over C2 Channel
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – Ensure the integrity of software and scripts
Control ID: 6.3.2
NYDFS 23 NYCRR 500 – Cybersecurity Policy
Control ID: 500.03
DORA – ICT Risk Management Framework
Control ID: Article 5
CISA ZTMM 2.0 – Supply Chain Risk Management
Control ID: 3.1
NIS2 Directive – Cybersecurity Risk Management Measures
Control ID: Article 21
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Computer Software/Engineering
Supply chain attacks targeting npm packages directly compromise software development pipelines, enabling widespread CI/CD credential theft and malicious code injection across applications.
Information Technology/IT
Compromised development tools and CI/CD systems expose cloud credentials, GitHub tokens, and infrastructure secrets, enabling lateral movement across enterprise IT environments.
Financial Services
Banking applications using affected visualization libraries face credential exposure risks, potentially compromising payment systems and violating PCI DSS compliance requirements.
Health Care / Life Sciences
Healthcare dashboards and patient data systems using compromised packages risk HIPAA violations through credential theft and unauthorized access to sensitive medical information.
Sources
- Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft (https://www.microsoft.com/en-us/security/blog/2026/05/20/mini-shai-hulud-compromised-antv-npm-packages-enable-ci-cd-credential-theft/)
- Widespread Supply Chain Compromise Impacting npm Ecosystem (https://www.cisa.gov/news-events/alerts/2025/09/23/widespread-supply-chain-compromise-impacting-npm-ecosystem)
Cloud Native Security Fabric (CNSF) Mitigations and Controls
Aviatrix Zero Trust CNSF is pertinent to this incident as it could have limited the attacker's ability to move laterally and exfiltrate data by enforcing strict segmentation and identity-aware policies.
Control: Cloud Native Security Fabric (CNSF)
Mitigation: The attacker's ability to distribute malicious packages would likely be constrained, reducing the scope of initial compromise.
Control: Zero Trust Segmentation
Mitigation: The attacker's ability to access and extract credentials from CI/CD environments would likely be limited, reducing the scope of privilege escalation.
Control: East-West Traffic Security
Mitigation: The attacker's ability to move laterally across cloud services and repositories would likely be constrained, reducing the scope of lateral movement.
Control: Multicloud Visibility & Control
Mitigation: The attacker's ability to establish command and control channels would likely be limited, reducing the scope of data exfiltration.
Control: Egress Security & Policy Enforcement
Mitigation: The attacker's ability to exfiltrate credentials and create rogue repositories would likely be constrained, reducing the scope of further system compromise.
The overall impact of the attack would likely be reduced, limiting trust erosion and downstream impacts.
Impact at a Glance
Affected Business Functions
- Software Development
- Continuous Integration/Continuous Deployment (CI/CD) Pipelines
- Cloud Infrastructure Management
Estimated downtime: 7 days
Estimated loss: $500,000
Compromised CI/CD credentials leading to potential unauthorized access to source code repositories and cloud environments.
Recommended Actions
Key Takeaways & Next Steps
- Implement Zero Trust Segmentation to restrict access between workloads and limit lateral movement.
- Enforce Egress Security & Policy Enforcement to monitor and control outbound traffic, preventing unauthorized data exfiltration.
- Utilize Multicloud Visibility & Control to detect anomalous interactions and repeated malformed requests indicative of compromise.
- Deploy Threat Detection & Anomaly Response mechanisms to identify and respond to suspicious activities in real time.
- Regularly audit and rotate credentials, tokens, and access keys to minimize the impact of potential compromises.