Malicious npm Packages Steal CI/CD Credentials from Developers

Hackers compromised @antv npm packages to distribute malware called Mini Shai-Hulud, targeting developers' automation systems. The malicious code activates during package installation and extracts sensitive credentials from popular platforms including GitHub, AWS, Kubernetes, Vault, npm registry, and 1Password. This attack specifically impacts Linux-based development environments and poses significant risk to organizations relying on automated software deployment pipelines. Developers should immediately review their npm dependencies and update to verified versions. Source: Microsoft Security Blog.
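One way to start the dependency review recommended above, as an added example that is not from the Microsoft report: a Node.js function that lists every package in the `@antv` scope recorded in a `package-lock.json`, with its resolved version and whether npm marked it as having an install script. The sample lockfile and the package names and versions in it are constructed placeholders; compare real results against the versions named in the original advisory.

```javascript
// Added example (not from the source article). Sample data is constructed.
const SAMPLE_LOCK = JSON.stringify({
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@antv/example-a": { version: "0.0.1", hasInstallScript: true },
    "node_modules/left/node_modules/@antv/example-b": { version: "0.0.2" },
    "node_modules/left": { version: "2.0.0", hasInstallScript: true },
  },
});

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function packageName(lockKey) {
  const marker = "node_modules/";
  const i = lockKey.lastIndexOf(marker);
  return i === -1 ? lockKey : lockKey.slice(i + marker.length);
}

// Returns one finding per scoped package, including transitive copies.
function auditLockfile(lockText, scope = "@antv/") {
  const lock = JSON.parse(lockText);
  const findings = [];
  if (lock.packages) {
    // Lockfile v2/v3: flat map keyed by install path; npm records
    // hasInstallScript for packages with install lifecycle scripts.
    for (const [path, meta] of Object.entries(lock.packages)) {
      const name = packageName(path);
      if (!name.startsWith(scope)) continue;
      findings.push({ name, version: meta.version, path,
                      installScript: meta.hasInstallScript === true });
    }
    return findings;
  }
  // Lockfile v1: nested tree, no install-script flag (reported as null).
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (name.startsWith(scope)) {
        findings.push({ name, version: meta.version, path, installScript: null });
      }
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return findings;
}

console.log(auditLockfile(SAMPLE_LOCK));
```

Pass the text of a real `package-lock.json` to `auditLockfile` to review a project. Installing with `npm ci --ignore-scripts` keeps install-time lifecycle scripts from running while the review is under way.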
Original reporting by RSS: Microsoft Security. We only summarise, never republish.