Mini Shai-Hulud worm hijacks 323 npm packages under 30 minutes through a single stolen account
May 20, 2026
< 1 min read
by Micah Abiodun
for CryptoPolitan

Share:
On May 19, the Mini Shai-Hulud worm compromised one npm maintainer account and pushed 639 malicious versions across 323 packages in under 30 minutes. The compromised account, “atool” (i@hust.cc), publishes Alibaba’s entire @antv data visualization stack alongside standalone libraries used in crypto dashboards, DeFi front ends, and fintech applications. The highest-traffic targets: size-sensor at 4.2...