SlowMist: The GitHub and Grafana security incidents are likely related to a large-scale "mini sandworm" supply chain attack.

CoinFeed reported on May 20th that, according to threat intelligence released by SlowMist, several high-frequency npm packages, including AntV, Echarts-for-react, and the Python SDK durabletask, have recently been targeted by the Mini Shai-Hulud supply chain attack. On May 19th, the npm account atool was compromised, and the attacker automatically released 637 malicious versions involving 317 packages within 22 minutes. From 00:19 to 00:54 Beijing time on May 20th, the attacker continuously uploaded versions 1.4.1, 1.4.2, and 1.4.3 of durabletask within 35 minutes, bypassing normal release controls and impersonating official Microsoft releases. The large-scale GitHub token leak and the ransomware attack on Grafana Labs are likely related to this supply chain attack.