What is Mini Shai-Hulud npm supply chain attack, and was Microsoft and Socket hit by malware? Full explain
- Posted on May 19, 2026
- By Business News Today
- 0 Views
- 1 min read
What is Mini Shai-Hulud npm supply chain attack, and was Microsoft and Socket hit by malware? Full explain
What is Mini Shai-Hulud npm supply chain attack, and was Microsoft and Socket hit by malware? A new npm supply chain attack hit hundreds of packages linked to the @antv ecosystem. Attackers used a compromised maintainer account to publish malicious versions that stole credentials and spread across repositories. Microsoft and Socket confirmed investigations and detections. The incident shows how dependency attacks can spread fast across CI/CD, cloud services, and developer tools worldwide.
