PANews|5月 20, 2026 00:49
Warning: The "Mini Sandworm" worm has recently completed a large-scale infection in the open source code repository. Developers need to pay attention to troubleshooting
The encrypted KOL @ mubeitech has issued a reminder stating that the open-source base package, which is downloaded 1.1 million times a week, has been flagged by the system as known malware. Its supply chain security score is directly reset to zero. This is a code worm called "Mini Shai Hulud". It has recently completed a large-scale infection in the open source code repository. The victim list is full of high-frequency components. Alibaba's data visualization suite AntV has hundreds of packages implanted with malicious code. The commonly used front-end tools such as echarts for react and timeago. js are also not immune. Just for echarts for reaction, the weekly installation volume is as high as 1.1 million times. The cause was the loss of a regular developer account. The account with username atool has had its permissions stolen.
Share To
Timeline
HotFlash
APP
X
Telegram
CopyLink