
New Shai-Hulud Wave Compromises 600+ npm Packages Targeting @antv Ecosystem


On May 19, 2026 between 01:56 and 02:56 UTC, a new wave of the Shai-Hulud malware published 600+ rogue package versions spanning 323 unique npm packages. Core targets include widely used @antv packages — @antv/g2, @antv/g6, @antv/x6, @antv/l7, @antv/g2plot, and echarts-for-react — alongside timeago.js, size-sensor, and jest-canvas-mock.

The malware uses AES-256-GCM with RSA-OAEP for credential exfiltration across GitHub tokens, npm tokens, cloud platform keys, Kubernetes secrets, Vault, Docker, databases, and SSH keys, then self-propagates by validating stolen tokens and republishing infected packages at higher version numbers. It also generates fraudulent Sigstore provenance attestations and creates over 2,900 rogue repositories for exfiltration staging. Persistence mechanisms include backdoors in VS Code and Claude Code extensions.

This wave is distinct from the May 11 TanStack/Mistral incident: the Shai-Hulud toolkit was previously leaked by the TeamPCP group and attribution for this wave remains unclear, indicating the attack pattern is now available to multiple threat actors. The @antv ecosystem is embedded in a large number of data-visualization and dashboard applications, meaning the blast radius extends significantly into enterprise and internal tooling.

Developers using any affected packages should immediately downgrade to the last pre-May 18 version, audit all CI/CD and cloud credentials for unauthorized use, and rotate any exposed GitHub tokens, cloud keys, and SSH keys. Organizations using automated dependency updates should treat any @antv or related package version bump from May 18-19 as suspect until verified clean.
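One way to apply the "treat May 18-19 bumps as suspect" rule to a lockfile, written here as an added example rather than code from the advisory: it walks a package-lock.json, checks each installed version of the packages named above against registry publish times (the shape returned by `npm view <pkg> time --json`), and recommends the most recent version published before May 18 UTC. The lockfile contents, version numbers and timestamps below are constructed samples, not real registry data.

```javascript
// Added example (not from the advisory); the cutoff and package list come from the text above.
const AFFECTED = new Set([
  '@antv/g2', '@antv/g6', '@antv/x6', '@antv/l7', '@antv/g2plot',
  'echarts-for-react', 'timeago.js', 'size-sensor', 'jest-canvas-mock',
]);
const WINDOW_START = Date.parse('2026-05-18T00:00:00Z');
// Package name from a package-lock v2/v3 "packages" key such as "node_modules/@antv/g2".
function nameFromLockPath(p) {
  const i = p.lastIndexOf('node_modules/');
  return i < 0 ? null : p.slice(i + 'node_modules/'.length);
}
// lock: parsed package-lock.json. registryTimes: { [name]: output of `npm view <name> time --json` }.
function auditLockfile(lock, registryTimes, windowStart = WINDOW_START) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const name = nameFromLockPath(path);
    if (!name || !AFFECTED.has(name)) continue;
    const times = registryTimes[name] || {};
    const published = Date.parse(times[entry.version] || '');
    if (Number.isNaN(published)) {          // no registry data: cannot clear it
      findings.push({ name, version: entry.version, verdict: 'unknown', safeVersion: null });
    } else if (published < windowStart) {
      findings.push({ name, version: entry.version, verdict: 'ok', safeVersion: entry.version });
    } else {
      // Suspect: recommend the most recently published version that predates the window.
      let safeVersion = null, safeTime = -Infinity;
      for (const [v, t] of Object.entries(times)) {
        if (v === 'created' || v === 'modified') continue;
        const ts = Date.parse(t);
        if (ts < windowStart && ts > safeTime) { safeTime = ts; safeVersion = v; }
      }
      findings.push({ name, version: entry.version, verdict: 'suspect', safeVersion });
    }
  }
  return findings;
}
// Constructed sample inputs; version numbers and timestamps are placeholders, not real data.
const SAMPLE_LOCK = { packages: {
  'node_modules/@antv/g2': { version: '9.9.9' },
  'node_modules/timeago.js': { version: '4.0.2' },
  'node_modules/lodash': { version: '4.17.21' },
} };
const SAMPLE_TIMES = {
  '@antv/g2': { created: '2020-01-01T00:00:00Z', '9.9.8': '2026-03-02T10:00:00Z', '9.9.9': '2026-05-19T02:10:00Z' },
  'timeago.js': { '4.0.2': '2021-06-01T00:00:00Z' },
};
console.log(auditLockfile(SAMPLE_LOCK, SAMPLE_TIMES));
```

Entries with no registry timestamp are reported as `unknown` rather than `ok`, so a missing lookup never silently clears a package.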