预警：“迷你沙虫”蠕虫近期在开源代码库里完成大面积感染，开发者需注意排查

PANews2026-05-20 00:49:00

Favorite

PANews 5月20日消息，加密KOL @mubeitech发布提醒称，每周被下载110万次的开源基础包，被系统标记为已知恶意软件。它的供应链安全评分直接归零。这是一个名叫“迷你沙虫”（Mini Shai-Hulud）的代码蠕虫。它近期在开源代码库里完成了大面积感染。

受害者名单里全是高频组件。阿里巴巴的数据可视化套件antv，数百个包被植入恶意代码。前端常用的echarts-for-react、timeago.js等工具也无一幸免。单是echarts-for-react这一项，每周的装机量就高达110万次。起因是一个普通开发者账号失守。用户名atool的账号被盗取了权限。黑客接管后，往这些底层组件里塞进了混淆的恶意代码。带毒的3.2.7版本发布仅19分钟后，漏洞扫描即全部变红。

慢雾首席信息安全官23pds转发该帖子并发文提醒开发者注意排查。此外，安全公司Socket表示，截至昨晚，已在“迷你沙虫”蠕虫事件中识别出323个独立包中的639个被入侵的npm包版本。其中包括279个独立@antv包中的558个版本。

Disclaimer: This article is copyrighted by the original author and does not represent MyToken’s views and positions. If you have any questions regarding content or copyright, please contact us.(www.mytokencap.com)contact

About MyToken:https://www.mytokencap.com/aboutusArticle Link:https://www.mytokencap.com/news/580563.html

More exciting content is available on
X(https://x.com/MyTokencap)or join the community to learn more:MyToken-English Telegram Group
（https://t.me/mytokenGroup）

Previous:德鲁肯米勒：从索罗斯战友到宏观投资教父——体系、门徒与最新思考

Why The XRP Price Can Touch $589 As It Takes On $73 Trillion Industry

The idea of XRP trading at $589 may sound unrealistic at first, but the rationale behind it is not b...

NewsBTC2026-05-20 18:00:49

Solana ETF Falls Behind As XRP Collects More Cash—Here’s The Catalyst Driving The Split

XRP exchange-traded funds (ETFs) have pulled in more money than their Solana ETF counterparts even t...

NewsBTC2026-05-20 17:47:37

USDT Surge Masks Stalled Stablecoin Growth as Competing Tokens Bleed $4.2B

Total stablecoin supply crossed $300B, but net growth stalled at 0.3% as USDT added $5B while USDC, ...

blockchainreporter2026-05-20 17:00:00