Snyk's investigation into the May 19 @antv ecosystem attack adds material detail to the earlier wave report: 637 malicious package versions were published between 01:39 and 02:06 UTC, spanning 323 distinct packages. The attack is now attributed to threat actor TeamPCP. Two packages with outsized reach were compromised — size-sensor (4.2 million weekly downloads) and echarts-for-react (3.8 million weekly downloads) — significantly raising the potential blast radius beyond the initial "600+ packages" figure. The TeamPCP attribution and the precise scope (637 versions, 323 packages) help security teams make more accurate risk assessments and validate whether their dependency trees were affected. Developers using any @antv-ecosystem package should lock dependency resolution to clean versions predating May 19 01:39 UTC, audit lock files for the affected version ranges, and monitor for any unexpected network egress that may indicate a compromised build environment.