🚨Supply Chain SECURITY ALERT: "niagA oG eW ereH :duluH-iahS" 🔄
The Shai-Hulud supply chain attack has slithered into the @antv ecosystem, affecting more than 600 package releases. A compromised maintainer account was used to inject credential-stealing code into popular visualization and React packages (including echarts-for-react), threatening millions of weekly downloads. JFrog Curation customers using an Immaturity policy were fully protected from this attack, as all of the hijacked packages were flagged in less than 24 hours.
See our blog for a full analysis of this attack, including an ongoing list of compromised packages (link shared soon in this thread).