CoinFeed
Warning: The "Mini Sandworm" worm has recently caused widespread infections in open-source code repositories. Developers should be vigilant and investigate. - CoinFeed
Time 00:49

May 20, 2026
CoinFeed News

CoinFeed reported on May 20 that crypto KOL @mubeitech warned that a foundational open-source package, downloaded 1.1 million times per week, has been flagged as known malware and that its supply chain security score has dropped to zero. The malware is a code worm called "Mini Shai-Hulud," which recently completed a large-scale infection of open-source code repositories. The victim list consists entirely of frequently used components: hundreds of packages in antv, Alibaba's data visualization suite, were injected with malicious code, and commonly used front-end tools such as echarts-for-react and timeago.js were also affected. echarts-for-react alone saw 1.1 million installations per week. The cause was the compromise of an ordinary developer account: the account with the username atool had its permissions stolen.
