logo

TeamPCP Compromises AntV and 322 Other NPM Packages

ID: ea6b5d76-0d74-5a0c-9fd6-515f46233a72

STIX ID: report--ea6b5d76-0d74-5a0c-9fd6-515f46233a72

Feed Name: OpenSourceMalware Blog

Threat Score
85/100

Date Published: 2026-05-20

Date Updated: 2026-06-20

Author: c0a15726-c5b1-4b0d-85e6-fe15553df9e2

...
...

TeamPCP compromised npm maintainer accounts `atool` and `prop` and republished 324 packages (645 republished versions) in two tight waves on 2026-05-19, potentially exposing ~16 million weekly downloads (notably jest-canvas-mock, size-sensor, echarts-for-react) to malicious payloads; the report includes timelines, high-risk package lists, IOCs, and immediate remediation advice (pin known-good versions, audit lockfiles/CI caches, block install scripts, rotate credentials).

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.