KeyAudit

private-key-leak · social-engineering · infrastructure

Massive npm Supply Chain Attack Hits AntV Packages and Grafana

On May 19, 2026, MistEye detected a large-scale npm supply chain attack in which the account 'atool' published 637 malicious versions of 317 packages in 22 minutes. Targeted packages included Alibaba's AntV suite (@antv/scale, ~2.2M monthly downloads), echarts-for-react (~3.8M), size-sensor (~4.2M), and timeago.js (~1.15M). The attack exploited npm lifecycle hooks (preinstall/postinstall) to execute obfuscated JavaScript (over 10,000 lines after deobfuscation) that stole credentials from AWS, GCP, Azure, Kubernetes, Vault, GitHub Actions, password managers, SSH keys, databases, and Stripe/Slack API keys. Data was double-encrypted and exfiltrated. The payload included self-propagation and persistence targeting AI coding assistants (Claude Code, Codex) and VS Code. Separately, Grafana confirmed a targeted attack on its GitHub repos on May 16, and on May 20, attackers uploaded malicious durabletask versions to PyPI. GitHub reported a source code leak tied to a compromised employee device via a trojanized VS Code extension. MistEye issued real-time alerts and integrated IOCs into its threat intelligence database.

Key facts

  • Account 'atool' published 637 malicious npm versions of 317 packages in 22 minutes.
  • Targeted packages included @antv/scale, echarts-for-react, size-sensor, and timeago.js.
  • Malicious code stole credentials from AWS, GCP, Azure, Kubernetes, and more.
  • Attack used double encryption (AES-256-GCM + RSA-OAEP) for data exfiltration.
  • Grafana and GitHub were also targeted, with the GitHub leak linked to a trojanized VS Code extension.
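
Because the malicious versions ran through npm lifecycle hooks (preinstall/postinstall), one defensive check is to list which locked dependencies declare install-time scripts. The following is an added example, not code from the report or from MistEye: it relies on the `hasInstallScript` field that npm writes in lockfileVersion 2/3, matches package names only (the report gives no version numbers), and its function names and sample lockfile are constructed for illustration.

```javascript
// Packages named in the report above (names only; the report lists no
// version numbers, so none are assumed here).
const NAMED_IN_REPORT = new Set([
  "@antv/scale", "echarts-for-react", "size-sensor", "timeago.js",
]);

// Derive the package name from a lockfile key such as
// "node_modules/a/node_modules/@scope/b" -> "@scope/b".
function nameFromLockKey(key) {
  const marker = "node_modules/";
  const i = key.lastIndexOf(marker);
  return i === -1 ? key : key.slice(i + marker.length);
}

// Walk a parsed package-lock.json (lockfileVersion 2 or 3) and return every
// dependency that declares install-time scripts (hasInstallScript: true).
function findInstallScriptPackages(lock) {
  const findings = [];
  for (const [key, entry] of Object.entries(lock.packages || {})) {
    if (key === "" || !entry.hasInstallScript) continue; // "" is the root project
    const name = entry.name || nameFromLockKey(key); // "name" is set for aliases
    findings.push({ name, version: entry.version, path: key,
                    namedInReport: NAMED_IN_REPORT.has(name) });
  }
  // Report-named packages first, then alphabetical.
  return findings.sort((a, b) =>
    (b.namedInReport - a.namedInReport) || a.name.localeCompare(b.name));
}

// Constructed sample lockfile: versions are placeholders, not indicators,
// and "example-native-addon" is a hypothetical package.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@antv/scale": { version: "0.0.0-sample", hasInstallScript: true },
    "node_modules/example-native-addon": { version: "0.0.0-sample", hasInstallScript: true },
    "node_modules/x/node_modules/size-sensor": { version: "0.0.0-sample" },
  },
};

// Load a real lockfile from disk (works in CommonJS and ES modules).
async function auditLockfile(path) {
  const { readFile } = await import("node:fs/promises");
  return findInstallScriptPackages(JSON.parse(await readFile(path, "utf8")));
}

console.table(findInstallScriptPackages(SAMPLE_LOCK));
```

A hit only means the package runs code at install time, which legitimate native add-ons also do. Installing with `npm ci --ignore-scripts` keeps those hooks from running while the findings are reviewed.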

KeyAudit data perspective

📊 KeyAudit data: Base historical leak records: 467125
