PANews
PANews|5月 20, 2026 00:49
Warning: The "Mini Sandworm" worm has recently completed a large-scale infection in the open source code repository. Developers need to pay attention to troubleshooting The encrypted KOL @ mubeitech has issued a reminder stating that the open-source base package, which is downloaded 1.1 million times a week, has been flagged by the system as known malware. Its supply chain security score is directly reset to zero. This is a code worm called "Mini Shai Hulud". It has recently completed a large-scale infection in the open source code repository. The victim list is full of high-frequency components. Alibaba's data visualization suite AntV has hundreds of packages implanted with malicious code. The commonly used front-end tools such as echarts for react and timeago. js are also not immune. Just for echarts for reaction, the weekly installation volume is as high as 1.1 million times. The cause was the loss of a regular developer account. The account with username atool has had its permissions stolen.
+1
Mentioned
Share To

Timeline

HotFlash

APP

X

Telegram

Facebook

Reddit

CopyLink

Hot Reads