SlowMist: GitHub Grafana incident is related to the Mini Shai-Hulud supply-chain attack


GitHub Grafana investigation

SlowMist published threat intelligence on X on May 20 confirming that multiple widely used npm packages and several versions of the Python SDK durabletask were hit by a supply-chain attack dubbed "Mini Shai-Hulud." SlowMist also said that the May 16 ransom incident at Grafana Labs is "very likely" linked to this supply-chain attack.

Attack timeline and affected components

Mini Shai-Hulud supply-chain attack (Source: SlowMist)

According to the attack timeline confirmed by SlowMist threat intelligence:

May 19, 2026: The npm account atool (i@hust.cc) was compromised. Within 22 minutes the attacker automatically published 317 packages totalling 637 malicious versions, affecting widely used npm components such as AntV and echarts-for-react.

May 20, 2026, 00:19 to 00:54 (Beijing time): Over 35 minutes the attacker published three durabletask versions in succession, 1.4.1 (00:19), 1.4.2 (00:49) and 1.4.3 (00:54), bypassing Microsoft's official release process and passing them off as legitimate Microsoft releases.

SlowMist confirmed that the attacker was after more than the infected npm and Python packages: developers' credentials and keys (GitHub PATs, npm tokens, AWS keys, Kubernetes Secrets, Vault tokens, SSH keys and more than 90 kinds of local sensitive files), plus any internal code repositories reachable with the stolen tokens.

Confirmed links to GitHub token leakage and the Grafana incident

In its threat intelligence, SlowMist described two events linked to this supply chain attack:

Mass GitHub token leak: SlowMist said, "Evidence indicates that some of the leaked tokens may have been used to access and possibly sell official GitHub code repositories." GitHub has confirmed that the leak originated from an employee device on which an infected VS Code extension had been installed.

Grafana Labs attack (May 16, 2026): SlowMist confirmed that the criminal group gained unauthorized access to Grafana Labs's GitHub repositories, downloaded them, and issued a ransom demand threatening to leak the data.

SlowMist also outlined the attackers' likely playbook: steal cloud and local credentials, use them for unauthorized access to internal repositories and sensitive cloud infrastructure, move laterally between developer machines and CI/CD pipelines, and sell the leaked GitHub tokens.

Mitigation measures recommended by SlowMist

SlowMist's recommendations:

Rotate immediately: all exposed GitHub, npm, PyPI and cloud credentials (rotate from a machine that has not run the affected packages, otherwise the new credentials are exposed in turn)

Replace affected packages: move affected npm/PyPI packages to verified clean versions, or pin dependency versions

Isolate systems: isolate potentially compromised systems and audit them to stop credential theft or lateral movement

Review dependencies: check lock files (package-lock.json, yarn.lock, requirements.txt, etc.) for the affected versions

Monitor for anomalies: watch GitHub and cloud activity for abnormal authentication events and signs of token leakage

FAQ

Which packages are confirmed to be affected by the Mini Shai-Hulud attack?

According to SlowMist threat intelligence, the affected packages include widely used npm components such as AntV and echarts-for-react, as well as durabletask versions 1.4.1, 1.4.2 and 1.4.3. SlowMist said it will continue to track whether new malicious versions are released.

How does SlowMist determine that the GitHub token leakage is associated with this supply chain attack?

SlowMist's assessment is based on its threat intelligence analysis and is rated "very likely", not confirmed. The basis is that some of the leaked tokens may have been used to access GitHub code repositories. GitHub's own investigation has independently confirmed that an employee device was compromised by a malicious VS Code extension.

How can developers quickly confirm whether their projects use the affected versions?

Following SlowMist's advice, check with the following commands: for npm packages, run npm ls --all; for Python packages, run pip show durabletask to confirm the installed version (this reports only the environment you run it in, so repeat it for every virtualenv and CI image); and check lock files (package-lock.json, yarn.lock, requirements.txt, etc.) for the affected malicious versions.
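The lock-file check in the mitigation list and in the answer above can be scripted. The following Python is an added example, not code from SlowMist or from Gate: it scans package-lock.json (lockfile v1, v2 and v3), yarn.lock (v1 format) and requirements.txt for a table of known-bad versions. The durabletask versions in the table are the three the article names; the echarts-for-react entry is a placeholder version, because the article names the package but not its malicious version numbers; and the sample lock files are constructed for the demo.

```python
import json
import re
import sys

# ecosystem -> package name -> versions known to be malicious.
# The durabletask versions are the ones the article lists. The echarts-for-react
# version is an ASSUMED placeholder: the article names the package, not the versions.
AFFECTED = {
    "pypi": {"durabletask": {"1.4.1", "1.4.2", "1.4.3"}},
    "npm": {"echarts-for-react": {"0.0.0-placeholder"}},
}


def _norm_pypi(name):
    """PEP 503 normalisation so DurableTask, durable_task and durabletask match."""
    return re.sub(r"[-_.]+", "-", name).lower()


def _hit(eco, name, version):
    key = _norm_pypi(name) if eco == "pypi" else name
    return (eco, name, version) if version in AFFECTED[eco].get(key, set()) else None


def scan_package_lock(text):
    """package-lock.json: v2/v3 keep a flat 'packages' map keyed by node_modules
    path; v1 nests under 'dependencies'. Both shapes are walked."""
    data = json.loads(text)
    hits = set()
    for path, meta in data.get("packages", {}).items():
        if path:  # "" is the root project itself, not a dependency
            h = _hit("npm", path.split("node_modules/")[-1], meta.get("version"))
            if h:
                hits.add(h)

    def walk(deps):
        for name, meta in deps.items():
            h = _hit("npm", name, meta.get("version"))
            if h:
                hits.add(h)
            walk(meta.get("dependencies", {}))

    walk(data.get("dependencies", {}))
    return sorted(hits)


YARN_VERSION = re.compile(r'^\s+version\s+"?([^"\s]+)"?\s*$')


def scan_yarn_lock(text):
    """yarn.lock v1: an unindented header such as
    '"@antv/g2@^4.2.0", echarts-for-react@^3.0.2:' is followed by an indented
    'version "x.y.z"' line. Scoped names keep their @scope/ prefix."""
    hits, names = set(), []
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            names = [s.strip().strip('"').rsplit("@", 1)[0]
                     for s in line.rstrip().rstrip(":").split(",")]
            continue
        m = YARN_VERSION.match(line)
        if m:
            for name in names:
                h = _hit("npm", name, m.group(1))
                if h:
                    hits.add(h)
            names = []
    return sorted(hits)


# Only exact pins are checked: a range such as durabletask>=1.3 is not a hit here,
# but it can still resolve to a malicious release at install time, so pin it.
REQ_LINE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*==\s*([^\s;#]+)")


def scan_requirements(text):
    """requirements.txt or `pip freeze` output."""
    hits = set()
    for line in text.splitlines():
        m = REQ_LINE.match(line)
        if m:
            h = _hit("pypi", m.group(1), m.group(2))
            if h:
                hits.add(h)
    return sorted(hits)


SCANNERS = {"package-lock.json": scan_package_lock,
            "yarn.lock": scan_yarn_lock,
            "requirements.txt": scan_requirements}

# Constructed sample inputs for the offline demo (not real project files).
SAMPLE_PACKAGE_LOCK = json.dumps({
    "name": "demo", "lockfileVersion": 3,
    "packages": {"": {"name": "demo"},
                 "node_modules/react": {"version": "18.3.1"},
                 "node_modules/echarts-for-react": {"version": "0.0.0-placeholder"}},
})
SAMPLE_YARN_LOCK = '''# yarn lockfile v1

"@antv/g2@^4.2.0":
  version "4.2.11"

echarts-for-react@^3.0.0, echarts-for-react@^3.0.2:
  version "0.0.0-placeholder"
'''
SAMPLE_REQUIREMENTS = """requests==2.32.3
DurableTask==1.4.2   # name normalisation still matches this
durabletask>=1.3     # loose range: not flagged, but should be pinned
"""


def demo():
    """Run all three scanners over the constructed samples; returns the hits."""
    return (scan_package_lock(SAMPLE_PACKAGE_LOCK)
            + scan_yarn_lock(SAMPLE_YARN_LOCK)
            + scan_requirements(SAMPLE_REQUIREMENTS))


if __name__ == "__main__":
    # Usage: python scan_locks.py package-lock.json yarn.lock requirements.txt
    # With no arguments the constructed samples are scanned instead.
    results = []
    for p in sys.argv[1:]:
        fn = SCANNERS.get(p.rsplit("/", 1)[-1])
        if fn:
            with open(p, encoding="utf-8") as f:
                results += [(p,) + h for h in fn(f.read())]
    for p, eco, name, ver in results or [("demo",) + h for h in demo()]:
        print(f"{p}: {eco} {name}=={ver} is a known-malicious version")
```

Run it against the three lock files of a project (the file name selects the parser) and treat any line of output as a reason to rotate credentials on that machine, not just to bump the version: by the time a malicious version is in the lock file it has usually already been installed and its install hooks have run.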

Disclaimer: The information on this page may come from third-party sources and is for reference only. It does not represent the views or opinions of Gate and does not constitute any financial, investment, or legal advice. Virtual asset trading involves high risk. Please do not rely solely on the information on this page when making decisions. For details, see the Disclaimer.