Threat Intelligence Report

Active Supply Chain Attack Compromises @antv Packages on npm

📅 May 19, 2026 📰 socket.dev 🔍 0 CVE(s) referenced

A coordinated supply chain attack has compromised hundreds of popular npm packages—including the @antv ecosystem—injecting credential-stealing malware that targets developer and CI/CD secrets, posing widespread risk to organizations that automatically update dependencies.

vendor

🔐 Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

📊 Visual Mindmap

🎯 IOC Extraction

⚔️ MITRE ATT&CK TTPs

📦 STIX 2.1 Bundle