TeamPCP Compromises AntV and 322 Other NPM Packages
TeamPCP compromised npm maintainers atool and prop, republishing 324 packages including the AntV suite across 645 versions. IOCs and remediation steps inside.
The OpenSourceMalware team identified a large-scale account takeover campaign on npm. A threat actor tracked as TeamPCP compromised the maintainer account atool — which publishes 547 packages, including the entire AntV (Alibaba) data-visualization suite — and pushed new versions of 318 packages across two coordinated bursts. A second maintainer account, prop, was also compromised. The pattern is a textbook indicator of stolen publishing credentials, and the blast radius is large: the affected packages pull more than 16 million downloads per week combined.
TL;DR
Threat Type: npm maintainer account takeover / mass republish
Affected Ecosystem: npm
Threat Actor: TeamPCP
Compromised accounts: atool (318 packages) and prop (6 packages)
Impact: 324 packages republished as 645 `package@version` artifacts, ~16M combined weekly downloads at risk
Key Finding: Packages from many unrelated source repositories were republished in two tightly clustered waves, behavior no legitimate monorepo release produces
Discovery
The investigation started with a routine sweep of the atool maintainer profile on npm. Filtering that account's 547 packages for anything published in the previous 24 hours returned an unusually large result set. An initial pass using npm's search index undercounted the event; pulling the full package metadata (time map) for all 547 packages told the real story: 318 packages had new versions, totalling 639 `package@version` artifacts published in a single day. Continued hunting then surfaced a second compromised maintainer account, prop, publishing six more malicious packages as part of the same campaign.
A monorepo release can legitimately bump dozens of packages at once — AntV is a large monorepo, and a lerna or changesets release publishing every @antv/* package in quick succession is normal. What is not normal is the rest of the list.
Analysis
The 639 republished atool versions did not arrive randomly. They landed in two distinct waves:
| Wave | Window (UTC) | Versions published |
| --- | --- | --- |
| Wave 1 | 2026-05-19 01:39:31 – 01:56:46 | 317 |
| Wave 2 | 2026-05-19 02:05:59 – 02:06:05 | 314 |
| Stragglers | 2026-05-18 13:00 – 14:00 | 2 |
Wave 2 compressed 314 publishes into roughly six seconds. Most affected packages received one version in each wave, leaving the bulk of them with two fresh versions and five — amapcn, echarts-for-react, jest-canvas-mock, jest-date-mock, and size-sensor — with three.
That activity did not stop at the AntV monorepo. It also swept up a long list of packages that live in completely separate repositories and have nothing to do with each other:
- size-sensor
- jest-date-mock, jest-canvas-mock
- echarts-for-react, timeago.js, timeago-react
- filesize.js, byte-parser, xmorse, uri-parse
- onfire.js, slice.js, ribbon.js, relationship.js
- lint-md and the @lint-md/* family
- react-adsense, canvas-nest.js, boring-avatars-vanilla
Independent repositories do not all cut a release in the same six-second window. A single npm publish loop running against a stolen token does. When an attacker gets hold of a maintainer's credential, the fastest way to maximize impact is to script a republish across every package the account owns — and that produces exactly this signature: one account, hundreds of unrelated projects, two tight timestamp clusters.
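The signature described above can be checked mechanically. The following is an added example, not code from the OpenSourceMalware team: it groups recent publish timestamps from registry `time` maps into bursts and flags any burst that spans several distinct source repositories. The package names, repository URLs, timestamps and thresholds are constructed assumptions.

```javascript
// Constructed sample shaped like npm registry packuments (name, repository, "time" map).
// Package names, repository URLs and timestamps are made up for this example.
const samplePackuments = [
  { name: "demo-chart", repository: "https://example.invalid/viz/monorepo",
    time: { created: "2021-03-01T09:00:00Z", "1.0.0": "2025-11-02T08:00:00Z",
            "1.0.1": "2026-05-19T01:40:10Z", "1.1.1": "2026-05-19T02:06:00Z" } },
  { name: "demo-chart-utils", repository: "https://example.invalid/viz/monorepo",
    time: { created: "2021-03-01T09:05:00Z", "2.0.0": "2025-12-10T10:00:00Z",
            "2.0.1": "2026-05-19T01:40:55Z", "2.1.1": "2026-05-19T02:06:01Z" } },
  { name: "demo-date-mock", repository: "https://example.invalid/alice/date-mock",
    time: { created: "2018-06-01T12:00:00Z", "0.9.0": "2024-02-14T07:30:00Z",
            "0.9.1": "2026-05-19T01:41:30Z", "0.10.1": "2026-05-19T02:06:03Z" } },
  { name: "demo-size", repository: "https://example.invalid/bob/size",
    time: { created: "2017-09-09T09:09:00Z", "3.0.0": "2023-08-01T15:00:00Z",
            "3.0.1": "2026-05-19T01:42:05Z", "3.1.1": "2026-05-19T02:06:04Z" } },
  { name: "demo-quiet", repository: "https://example.invalid/carol/quiet",
    time: { created: "2026-05-18T22:00:00Z", "1.0.0": "2026-05-18T22:00:00Z" } },
];

// Flatten every version published at or after `sinceIso` into one sorted timeline.
function publishEvents(packuments, sinceIso) {
  const since = Date.parse(sinceIso);
  const events = [];
  for (const { name, repository, time } of packuments) {
    for (const [version, iso] of Object.entries(time)) {
      if (version === "created" || version === "modified") continue; // bookkeeping keys
      const ts = Date.parse(iso);
      if (ts >= since) events.push({ name, repository, version, ts });
    }
  }
  return events.sort((a, b) => a.ts - b.ts);
}

// Split the timeline wherever the gap between publishes exceeds maxGapMs,
// then keep only bursts that touch at least minRepos distinct repositories.
function findSuspiciousBursts(packuments, { since, maxGapMs, minRepos }) {
  const bursts = [];
  let current = [];
  for (const ev of publishEvents(packuments, since)) {
    const last = current[current.length - 1];
    if (last && ev.ts - last.ts > maxGapMs) { bursts.push(current); current = []; }
    current.push(ev);
  }
  if (current.length) bursts.push(current);
  return bursts
    .map((evs) => ({
      start: new Date(evs[0].ts).toISOString(),
      end: new Date(evs[evs.length - 1].ts).toISOString(),
      versions: evs.length,
      packages: new Set(evs.map((e) => e.name)).size,
      repos: new Set(evs.map((e) => e.repository)).size,
    }))
    .filter((b) => b.repos >= minRepos);
}

const flagged = findSuspiciousBursts(samplePackuments, {
  since: "2026-05-18T02:00:00Z", maxGapMs: 120000, minRepos: 3 });
console.log(flagged); // two bursts; the lone demo-quiet publish is not flagged
```

A monorepo release produces a burst too, but with a single repository behind it; the repository count per burst is what separates the two cases.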
A second account: prop
Hunting on the artifacts from the atool event led to a second compromised maintainer account, prop. It published six packages — the openclaw-cn / @openclaw-cn/* family and @starmind/collector-cli — that are tied to the same campaign. These are listed in Appendix B.
The highest-traffic packages caught in the campaign are the ones that matter most:
| Rank | Package | Republished versions | Weekly downloads |
| --- | --- | --- | --- |
| 1 | jest-canvas-mock | 2.5.3, 2.6.3, 2.7.3 | 2,962,375 |
| 2 | size-sensor | 1.0.4, 1.1.4, 1.2.4 | 1,173,844 |
| 3 | echarts-for-react | 3.0.7, 3.1.7, 3.2.7 | 1,076,971 |
| 4 | @antv/util | 3.4.11, 3.5.11 | 714,487 |
| 5 | @antv/scale | 0.6.2, 0.7.2 | 588,198 |
| 6 | jest-date-mock | 1.0.11, 1.1.11, 1.2.11 | 477,803 |
| 7 | @antv/matrix-util | 3.1.4, 3.2.4 | 444,906 |
| 8 | @antv/g-math | 3.2.0, 3.3.0 | 392,509 |
| 9 | @antv/component | 2.2.11, 2.3.11 | 364,034 |
| 10 | @antv/g2 | 5.5.8, 5.6.8 | 350,458 |
| 11 | @antv/event-emitter | 0.2.3, 0.3.3 | 347,249 |
| 12 | @antv/g | 6.4.1, 6.5.1 | 317,089 |
jest-canvas-mock, size-sensor, and echarts-for-react alone account for more than five million weekly downloads. A poisoned release of any of them would reach a very large number of developer machines and CI pipelines within hours.
Technical Analysis
Attack Chain
Stage 1: Initial Access — TeamPCP obtained publishing access to the atool and prop maintainer accounts. The most common routes are a phished npm credential, a leaked automation token, or a compromised CI secret. The burst behavior is consistent with token-based automated publishing rather than an interactive session.
Stage 2: Mass Republish — Using the stolen access, the actor iterated over every package owned by the accounts and published new versions. On the atool account this happened in two waves about ten minutes apart. The tight timestamp clustering across hundreds of unrelated repositories is the defining artifact of this stage.
Stage 3: Payload Delivery — Payload analysis of the republished tarballs is in progress. Each new version should be diffed against the last known-good release to identify injected code, postinstall hooks, obfuscated blobs, or outbound network calls. This blog will be updated as that analysis completes.
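The diff that Stage 3 calls for can start at the manifest level, before any source files are read. The following is an added example, not part of the original analysis: it compares the `package.json` of a known-good release with that of a republished one and reports new or changed install-time hooks, added dependencies and changed entry points. Both manifests are constructed and say nothing about the actual contents of the republished packages.

```javascript
// Lifecycle scripts npm runs when a package is installed as a dependency.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Constructed manifests for illustration only (hypothetical package "demo-pkg").
const knownGood = {
  name: "demo-pkg", version: "1.0.3", main: "lib/index.js",
  scripts: { test: "jest", build: "tsc" },
  dependencies: { tslib: "^2.6.0" },
};
const republished = {
  name: "demo-pkg", version: "1.0.4", main: "lib/index.js",
  scripts: { test: "jest", build: "tsc", postinstall: "node setup.js" },
  dependencies: { tslib: "^2.6.0", "demo-helper": "^0.1.0" },
};

// Report manifest changes that alter what runs or what gets pulled in at install time.
function diffManifest(oldM, newM) {
  const findings = [];
  for (const hook of INSTALL_HOOKS) {
    const before = (oldM.scripts || {})[hook];
    const after = (newM.scripts || {})[hook];
    if (after !== undefined && after !== before) {
      const kind = before === undefined ? "hook-added" : "hook-changed";
      findings.push({ kind, key: hook, value: after });
    }
  }
  for (const field of ["dependencies", "optionalDependencies"]) {
    const before = oldM[field] || {};
    for (const [dep, range] of Object.entries(newM[field] || {})) {
      if (!(dep in before)) findings.push({ kind: "dependency-added", key: dep, value: range });
    }
  }
  for (const field of ["main", "bin"]) {
    // JSON comparison covers both string and object forms of "bin".
    if (JSON.stringify(oldM[field]) !== JSON.stringify(newM[field])) {
      findings.push({ kind: "entry-changed", key: field, value: newM[field] });
    }
  }
  return findings;
}

console.log(diffManifest(knownGood, republished));
```

A clean manifest diff does not clear a tarball; injected code inside existing files still requires a file-level diff of the two releases.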
Indicators of Compromise (IOCs)
Compromised maintainer accounts
npm maintainer: atool
npm maintainer: prop
Highest-risk republished packages
npm/jest-canvas-mock@2.5.3
npm/jest-canvas-mock@2.6.3
npm/jest-canvas-mock@2.7.3
npm/size-sensor@1.0.4
npm/size-sensor@1.1.4
npm/size-sensor@1.2.4
npm/echarts-for-react@3.0.7
npm/echarts-for-react@3.1.7
npm/echarts-for-react@3.2.7
npm/jest-date-mock@1.0.11
npm/jest-date-mock@1.1.11
npm/jest-date-mock@1.2.11
The complete list of all 324 packages and 645 republished versions is provided in the appendices below.
Publish windows (atool account)
Wave 1: 2026-05-19T01:39:31Z – 2026-05-19T01:56:46Z UTC
Wave 2: 2026-05-19T02:05:59Z – 2026-05-19T02:06:05Z UTC
Remediation
If you depend on any package maintained by atool or prop — directly or transitively — take these steps now:
- Pin to a known-good version published before 2026-05-19T01:39:31Z and hold there until the republished versions are cleared.
- Audit lockfiles and CI caches for any of the 645 versions resolved after the first wave.
- Block install scripts (`npm install --ignore-scripts`) until the tarballs are confirmed clean.
- Rotate credentials exposed to any build that ran an affected version, since infostealer payloads commonly target environment variables and npm tokens.
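The lockfile audit step can be scripted. The following is an added example, not tooling from the original post: it walks the `packages` map of a `package-lock.json` (lockfileVersion 2 or 3) and reports every resolved entry that matches a republished `package@version`, including nested and aliased installs. The indicator entries are copied from the highest-traffic table in this post; the lockfile content is constructed.

```javascript
// Subset of the republished versions listed in this post; load the full list in real use.
const REPUBLISHED = new Set([
  "jest-canvas-mock@2.5.3", "jest-canvas-mock@2.6.3", "jest-canvas-mock@2.7.3",
  "size-sensor@1.0.4", "size-sensor@1.1.4", "size-sensor@1.2.4",
  "echarts-for-react@3.0.7", "echarts-for-react@3.1.7", "echarts-for-react@3.2.7",
  "@antv/util@3.4.11", "@antv/util@3.5.11",
]);

// Constructed lockfile for demonstration; in practice read package-lock.json from disk.
const sampleLock = JSON.stringify({
  name: "demo-app", lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/jest-canvas-mock": { version: "2.6.3", dev: true },
    "node_modules/@antv/util": { version: "3.3.10" },
    "node_modules/echarts-for-react": { version: "3.0.2" },
    "node_modules/echarts-for-react/node_modules/size-sensor":
      { version: "1.0.4", hasInstallScript: true },
    "node_modules/canvas-mock-alias": { name: "jest-canvas-mock", version: "2.7.3" },
    "node_modules/local-lib": { resolved: "packages/local-lib", link: true },
  },
});

function auditLockfile(lockJson, iocs) {
  const lock = JSON.parse(lockJson);
  if (!lock.packages) {
    throw new Error("no 'packages' map found; expected lockfileVersion 2 or 3");
  }
  const marker = "node_modules/";
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages)) {
    // Skip the root project and workspace links, which carry no registry version.
    if (path === "" || entry.link || !entry.version) continue;
    // The real package name is the segment after the last node_modules/,
    // unless npm recorded an explicit name (aliased install).
    const name = entry.name || path.slice(path.lastIndexOf(marker) + marker.length);
    const id = `${name}@${entry.version}`;
    if (iocs.has(id)) {
      hits.push({ id, path, devOnly: Boolean(entry.dev),
                  installScript: Boolean(entry.hasInstallScript) });
    }
  }
  return hits;
}

console.log(auditLockfile(sampleLock, REPUBLISHED));
```

Entries with `installScript: true` are the ones `--ignore-scripts` keeps from executing at install time; a `devOnly` hit still matters wherever CI installs dev dependencies.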
Appendix A: Republished packages — atool account
All 639 package@version artifacts published by the compromised atool account, grouped by package and ranked by weekly downloads.
Appendix B: Malicious packages — prop account
A second compromised maintainer account, prop, published 6 packages (6 versions) as part of the same campaign.
| Package | Version | Weekly downloads |
| --- | --- | --- |
| openclaw-cn | 0.3.0 | 3607 |
| @openclaw-cn/libsignal | 2.1.1 | 2847 |
| @openclaw-cn/feishu | 0.2.11 | 133 |
| @openclaw-cn/cli | 1.4.1 | 109 |
| @openclaw-cn/toutiao-ops | 1.2.4 | 39 |
| @starmind/collector-cli | 0.3.10 | N/A |
Conclusion
The combination of two maintainer accounts, 324 packages from many unrelated repositories, and two tightly clustered publish waves is not a release — it is a compromise. The atool and prop takeovers put more than 16 million weekly downloads within reach of TeamPCP, and the high-traffic targets caught in the campaign make this a serious supply-chain event regardless of what the final payload analysis shows.