malware npm

@antv/g-dom-mutation-observer-api

discovered 2026-05-19

@antv/g-dom-mutation-observer-api is identified in the SafeDep analysis "Mini Shai-Hulud Strikes Again: 317 npm Packages Compromised". A compromised npm maintainer account published 637 malicious versions across 317 packages including size-sensor, echarts-for-react, timeago.js, and hundreds of @antv scoped packages, affecting 15M+ monthly downloads.

Threat types

credential_stealer

Malicious versions

  • 2.1.42
  • 2.2.42

Campaigns

Indicators

Techniques

Read the full analysis →