The @antv Ecosystem Was Compromised with Shai-Hulud Malware, 300+ Packages Affected

Credential Stealing Malware Hits npm. Sounds familiar? 

Breaking News: Shai-Hulud malware spreads again in npm, stealing credentials and self-propagating. Currently with 300+ packages affected, over 59M monthly downloads in total.

Overview

There’s not much to say about the Shai-Hulud malware and its variants that we didn’t already say before (TeamPCP Copycats Are Here, TeamPCP Leak Shai-Hulud Source, TanStan Shai-Hulud Compromise, SAP Compromise, Bitwarden CLI Compromise).

We suspect that TeamPCP are behind this current wave, and that they are now explicitly showing they are financially motivated with X (Twitter) posts saying they are going to make 7 figures from their new attack, some of it they’ll donate to charities that accept crypto currency as donation.

Who is affected

Anyone who has installed or updated npm packages in the last 24 hours, specifically targeting the @antv namespace (Ant Financial’s data visualization libraries) and related graphical analysis tools.

Impact

• Total affected packages – 320+ (see table chart below)
• Total accumulated weekly downloads – 16,065,123
• Total accumulated monthly downloads – 59,312,186
• Total GitHub repositories with stolen credentials – 2,100+
  • Containing the “niagA oG eW ereH :duluH-iahS” string, which is Shai-Hulud in reverse.

Recommended Actions

Immediate Actions:

1. Rotate your keys and add 2FA to your accounts
2. Check for public GitHub repositories containing “niagA oG eW ereH :duluH-iahS” related strings
3. Downgrade the affected packages to a safe version
4. Treat the machine and any connected token, environment variable and API key as compromised.

Lessons for Security Leaders From the AI Supply Chain Crisis

Join us as we uncover 30+ disclosures and 10+ CVEs and explore what this new reality means for security leaders

Watch the Webinar

Infection Analysis

This new variant is the “Here We Go Again” variant, but with the text reversed – “niagA oG eW ereH :duluH-iahS”, after infecting users, it uploads an encrypted version of the stolen credentials to the victim’s GitHub account under a new repository.

We found over 2,100 repositories with stolen credentials of the new Shai-Hulud variant, and the numbers keep growing as time goes by.

You can track the ongoing infections using this link.

TeamPCP on X (Twitter)

The recent posts by two TeamPCP actors (@xploitrsturtle2, @xpl0itrs) shows that the attacks are soon to happen, with indications that they are going to donate some of the money to charity.

And even specifically targeted us, tagging Moshe’s X account saying that we face an ethical dilemma by analyzing and exposing them:

You can see the list of potential charities that was shared – 

The @xpl0itrs X user was later banned from the platform.

Technical Analysis

The new Shai-Hulud variant is (again…) a self-propagating npm supply-chain stealer/work.

It runs during npm install via a malicious preinstall script, harvests secrets from the victim machine and CI environments, exfiltrates them over HTTP (disguised as OpenTelemetry), and uses stolen GitHub tokens to create public repositories advertising the compromise.

It can also republish trojanized npm packages and inject malicious optionalDependencies.

The GitHub beacon string niagA oG eW ereH :duluH-iahS is the character-reversed form of Shai-Hulud: Here We Go Again – a fingerprint left on every exfil repo’s description and README.

Delivery Mechanism

The malicious package.json impersonates a legitimate byte-parsing library:

• preinstall – Runs before install completes; no user interaction
• bun run index.js – Executes ~500 KB obfuscated payload

Command and Control

Our research team was able to extract the Command and Control (C2) as exfiltration of stolen secrets.

The exfil client is configured in the main orchestrator with a socket-style config object:

GitHub Exfiltration & Beacon

We are also adding the GitHub exfiltration process that we mentioned earlier, it is pushed inside the repository description – POST /user/repos:

• README.md – created by auto_init: true, title = repo name, body includes the same beacon line.
• results/ directory – stolen credentials uploaded as files inside the repo.

While we also found the repo naming convention:

The malware is also extracting based on regex patterns and then sent to the channels we mentioned above, the way it works is as follows:

In summary, this is an npm supply-chain worm that runs on npm install (bun run index.js), steals tokens and secrets from the host/CI, sends them to t.m-kosche.com (fake OpenTelemetry), and uses stolen GitHub creds to create public repos tagged niagA oG eW ereH :duluH-iahS (reversed Shai-Hulud: Here We Go Again) while republishing trojanized packages.

Conclusions

If it wasn’t clear already, TeamPCP is here to stay, and npm malware isn’t going anywhere without a proper re-review of their registry’s security.

Following their competitions for largest supply chain on BreachForums and the spreading of their own source code, it seems that the group is going to continue exploiting the package dependencies and CI/CD actions to ultimately infect millions of machines and steal information and crypto currency.

Affected Packages

Package	Ecosystem	Version
ai-figure	npm	0.6.0; 0.5.0
amapcn	npm	0.3.2; 0.2.2
ast-plugin	npm	0.2.7; 0.1.7
babel-plugin-version	npm	0.4.3; 0.3.3
boring-avatars-vanilla	npm	1.2.2; 1.1.2
byte-parser	npm	1.1.0; 1.2.0
canvas-nest.js	npm	2.2.4; 2.1.4
echarts-for-react	npm	3.2.7; 3.1.7
filesize.js	npm	2.2.0; 2.1.0
fixed-round	npm	1.2.2; 1.1.2
gantt-for-react	npm	0.4.0; 0.3.0
jest-canvas-mock	npm	2.7.3; 2.6.3
jest-date-mock	npm	1.2.11; 1.1.11
jest-electron	npm	0.3.12; 0.2.12
jest-expect	npm	0.2.1; 0.1.1
jest-less-loader	npm	0.4.0; 0.3.0
jest-random-mock	npm	1.2.0; 1.1.0
jest-url-loader	npm	0.3.0; 0.2.0
limit-size	npm	0.3.4; 0.2.4
lint-md	npm	0.4.0; 0.3.0
lint-md-cli	npm	0.3.2; 0.2.2
mcp-echarts	npm	0.9.1; 0.8.1
mcp-mermaid	npm	0.6.1; 0.5.1
miz	npm	1.2.1; 1.1.1
onfire.js	npm	2.2.1; 2.1.1
openclaw-cn	npm	0.3.0
react-adsense	npm	0.3.0; 0.2.0
relationship.js	npm	1.4.9; 1.3.9
ribbon.js	npm	1.1.2
size-sensor	npm	1.2.4; 1.1.4
slice.js	npm	1.3.1; 1.2.1
timeago-react	npm	3.2.7; 3.1.7
timeago.js	npm	4.2.2; 4.1.2
uri-parse	npm	1.2.0; 1.1.0
word-width	npm	1.2.1; 1.1.1
xmorse	npm	1.2.0; 1.1.0
@antv/a8	npm	0.2.1; 0.1.1
@antv/adjust	npm	0.4.5; 0.3.5
@antv/algorithm	npm	0.3.26; 0.2.26
@antv/async-hook	npm	2.4.9; 2.3.9
@antv/attr	npm	0.5.5; 0.4.5
@antv/ava	npm	3.6.1; 3.5.1
@antv/ava-react	npm	3.5.2; 3.4.2
@antv/awards	npm	0.2.9; 0.1.9
@antv/calendar-heatmap	npm	1.3.2; 1.2.2
@antv/chart-linter	npm	1.3.6; 1.2.6
@antv/chart-node-g6	npm	0.2.4; 0.1.4
@antv/chart-visualization-skills	npm	0.3.3; 0.2.3
@antv/ckb	npm	2.2.4; 2.1.4
@antv/color-schema	npm	0.4.3; 0.3.3
@antv/color-util	npm	2.2.6; 2.1.6
@antv/component	npm	2.3.11; 2.2.11
@antv/coord	npm	0.6.7; 0.5.7
@antv/d3-color	npm	1.2.0; 1.1.0
@antv/d3-interpolate	npm	1.2.3; 1.1.3
@antv/data-samples	npm	1.2.1; 1.1.1
@antv/data-set	npm	0.13.8; 0.12.8
@antv/data-wizard	npm	2.2.4; 2.1.4
@antv/dipper-component	npm	0.2.4; 0.1.4
@antv/dipper-hooks	npm	0.4.1; 0.3.1
@antv/dipper-map	npm	1.2.10; 1.1.10
@antv/dom-util	npm	2.2.4; 2.1.4
@antv/dumi-theme-antv	npm	0.9.4; 0.10.4
@antv/dw-analyzer	npm	1.3.5; 1.2.5
@antv/dw-random	npm	1.3.7; 1.2.7
@antv/dw-transform	npm	1.3.7; 1.2.7
@antv/dw-util	npm	1.3.4; 1.2.4
@antv/event-emitter	npm	0.3.3; 0.2.3
@antv/expr	npm	1.2.2; 1.1.2
@antv/f-charts	npm	0.2.0; 0.1.0
@antv/f-engine	npm	1.12.0; 1.11.0
@antv/f-lottie	npm	1.12.0; 1.11.0
@antv/f-my	npm	1.12.0; 1.11.0
@antv/f-react	npm	1.12.0; 1.11.0
@antv/f-test-utils	npm	1.2.9; 1.1.9
@antv/f-vue	npm	1.12.0; 1.11.0
@antv/f-wx	npm	1.12.0; 1.11.0
@antv/f2	npm	5.16.0; 5.15.0
@antv/f2-algorithm	npm	5.9.0; 5.8.0
@antv/f2-canvas	npm	1.2.5; 1.1.5
@antv/f2-context	npm	0.2.1; 0.1.1
@antv/f2-graphic	npm	0.2.16; 0.1.16
@antv/f2-my	npm	4.2.52; 4.1.52
@antv/f2-react	npm	5.16.0; 5.15.0
@antv/f2-site	npm	4.2.42; 4.1.42
@antv/f2-vue	npm	4.2.33; 4.1.33
@antv/f2-wordcloud	npm	5.16.0; 5.15.0
@antv/f2-wx	npm	4.2.51; 4.1.51
@antv/f6	npm	0.2.19; 0.1.19
@antv/f6-alipay	npm	0.2.7; 0.1.7
@antv/f6-core	npm	0.2.2; 0.1.2
@antv/f6-element	npm	0.2.1; 0.1.1
@antv/f6-hammerjs	npm	0.2.2; 0.1.2
@antv/f6-plugin	npm	1.2.6; 1.1.6
@antv/f6-ui	npm	1.2.3; 1.1.3
@antv/f6-wx	npm	0.2.7; 0.1.7
@antv/g	npm	6.5.1; 6.4.1
@antv/g-base	npm	0.7.16; 0.6.16
@antv/g-camera-api	npm	2.2.45; 2.1.45
@antv/g-canvas	npm	2.4.0; 2.3.0
@antv/g-canvaskit	npm	1.3.1; 1.2.1
@antv/g-compat	npm	1.2.11; 1.1.11
@antv/g-components	npm	2.2.42; 2.1.42
@antv/g-css-layout-api	npm	1.2.38; 1.1.38
@antv/g-css-typed-om-api	npm	1.2.38; 1.1.38
@antv/g-device-api	npm	1.8.13; 1.7.13
@antv/g-dom-mutation-observer-api	npm	2.2.42; 2.1.42
@antv/g-gesture	npm	3.2.42; 3.1.42
@antv/g-image-exporter	npm	1.2.42; 1.1.42
@antv/g-layout-blocklike	npm	1.9.49; 1.8.49
@antv/g-lite	npm	2.9.0; 2.8.0
@antv/g-lottie-player	npm	1.3.1; 1.2.1
@antv/g-math	npm	3.3.0; 3.2.0
@antv/g-mobile	npm	1.3.5; 1.2.5
@antv/g-mobile-canvas	npm	1.3.1; 1.2.1
@antv/g-mobile-canvas-element	npm	1.2.42; 1.1.42
@antv/g-mobile-svg	npm	1.3.1; 1.2.1
@antv/g-mobile-webgl	npm	1.3.1; 1.2.1
@antv/g-pattern	npm	2.2.42; 2.1.42
@antv/g-perf	npm	1.2.0; 1.1.0
@antv/g-plugin-3d	npm	2.3.1; 2.2.1
@antv/g-plugin-a11y	npm	1.6.1; 1.5.1
@antv/g-plugin-annotation	npm	1.4.0; 1.3.0
@antv/g-plugin-box2d	npm	2.3.1; 2.2.1
@antv/g-plugin-canvas-path-generator	npm	2.3.26; 2.2.26
@antv/g-plugin-canvas-picker	npm	2.5.1; 2.4.1
@antv/g-plugin-canvas-renderer	npm	2.7.1; 2.6.1
@antv/g-plugin-canvaskit-renderer	npm	2.5.1; 2.4.1
@antv/g-plugin-control	npm	2.3.1; 2.2.1
@antv/g-plugin-css-select	npm	2.3.1; 2.2.1
@antv/g-plugin-device-renderer	npm	2.8.1; 2.7.1
@antv/g-plugin-dom-interaction	npm	2.3.31; 2.2.31
@antv/g-plugin-dragndrop	npm	2.3.1; 2.2.1
@antv/g-plugin-gesture	npm	2.3.1; 2.2.1
@antv/g-plugin-gpgpu	npm	1.11.20; 1.10.20
@antv/g-plugin-html-renderer	npm	2.5.1; 2.4.1
@antv/g-plugin-image-loader	npm	2.5.1; 2.4.1
@antv/g-plugin-matterjs	npm	2.3.1; 2.2.1
@antv/g-plugin-mobile-interaction	npm	1.2.42; 1.1.42
@antv/g-plugin-physx	npm	2.3.1; 2.2.1
@antv/g-plugin-rough-canvas-renderer	npm	2.3.1; 2.2.1
@antv/g-plugin-rough-svg-renderer	npm	2.3.1; 2.2.1
@antv/g-plugin-svg-picker	npm	2.2.46; 2.1.46
@antv/g-plugin-svg-renderer	npm	2.6.1; 2.5.1
@antv/g-plugin-webgl-device	npm	1.11.17; 1.10.17
@antv/g-plugin-webgl-renderer	npm	1.2.26; 1.1.26
@antv/g-plugin-webgpu-device	npm	1.11.17; 1.10.17
@antv/g-plugin-yoga	npm	2.5.1; 2.4.1
@antv/g-plugin-zdog-canvas-renderer	npm	2.3.1; 2.2.1
@antv/g-plugin-zdog-svg-renderer	npm	2.3.1; 2.2.1
@antv/g-shader-components	npm	2.2.0; 2.1.0
@antv/g-svg	npm	2.3.1; 2.2.1
@antv/g-web-animations-api	npm	2.3.32; 2.2.32
@antv/g-web-components	npm	2.3.1; 2.2.1
@antv/g-webgl	npm	2.3.1; 2.2.1
@antv/g-webgl-compute	npm	0.2.1; 0.1.1
@antv/g-webgpu	npm	2.3.1; 2.2.1
@antv/g-webgpu-compiler	npm	0.9.2; 0.8.2
@antv/g-webgpu-core	npm	0.9.2; 0.8.2
@antv/g-webgpu-engine	npm	0.9.2; 0.8.2
@antv/g-webgpu-raytracer	npm	0.7.1; 0.6.1
@antv/g-webgpu-unitchart	npm	0.7.1; 0.6.1
@antv/g2	npm	5.6.8; 5.5.8
@antv/g2-brush	npm	0.2.2; 0.1.2
@antv/g2-extension-3d	npm	0.4.0; 0.3.0
@antv/g2-extension-ava	npm	0.4.0; 0.3.0
@antv/g2-extension-plot	npm	0.4.2; 0.3.2
@antv/g2-plugin-slider	npm	2.3.1; 2.2.1
@antv/g2-ssr	npm	0.4.0; 0.3.0
@antv/g2plot	npm	2.6.35; 2.5.35
@antv/g2plot-schemas	npm	1.4.2; 1.3.2
@antv/g6	npm	5.3.1; 5.2.1
@antv/g6-alipay	npm	0.2.1; 0.1.1
@antv/g6-cli	npm	0.2.4; 0.1.4
@antv/g6-core	npm	0.10.24; 0.9.24
@antv/g6-editor	npm	1.4.0; 1.3.0
@antv/g6-element	npm	0.10.25; 0.9.25
@antv/g6-extension-3d	npm	0.3.23; 0.2.23
@antv/g6-extension-react	npm	0.4.7; 0.3.7
@antv/g6-mobile	npm	0.3.2; 0.2.2
@antv/g6-pc	npm	0.10.25; 0.9.25
@antv/g6-plugin	npm	0.10.25; 0.9.25
@antv/g6-plugin-map-view	npm	0.2.4; 0.1.4
@antv/g6-plugins	npm	1.2.9; 1.1.9
@antv/g6-react-node	npm	1.6.8; 1.5.8
@antv/g6-ssr	npm	0.3.1; 0.2.1
@antv/g6-wx	npm	0.2.1; 0.1.1
@antv/gatsby-theme	npm	0.3.0; 0.2.0
@antv/geo-coord	npm	1.2.8; 1.1.8
@antv/gi-assets-advance	npm	2.6.22; 2.7.22
@antv/gi-assets-algorithm	npm	2.5.19; 2.4.19
@antv/gi-assets-basic	npm	2.6.40; 2.5.40
@antv/gi-assets-galaxybase	npm	1.4.15; 1.3.15
@antv/gi-assets-graphscope	npm	2.3.15; 2.2.15
@antv/gi-assets-hugegraph	npm	1.3.15; 1.2.15
@antv/gi-assets-janusgraph	npm	1.3.15; 1.2.15
@antv/gi-assets-neo4j	npm	2.3.15; 2.2.15
@antv/gi-assets-scene	npm	2.4.21; 2.3.21
@antv/gi-assets-tugraph	npm	2.3.15; 2.2.15
@antv/gi-assets-tugraph-analytics	npm	0.4.15; 0.3.15
@antv/gi-assets-xlab	npm	0.3.30; 0.2.30
@antv/gi-cli	npm	1.4.11; 1.3.11
@antv/gi-common-components	npm	1.5.16; 1.4.16
@antv/gi-mock-data	npm	1.2.5; 1.1.5
@antv/gi-public-data	npm	1.2.1; 1.1.1
@antv/gi-sdk	npm	3.2.0; 3.1.0
@antv/gi-sdk-app	npm	1.4.10; 1.3.10
@antv/gi-theme-antd	npm	0.8.11; 0.7.11
@antv/github-config-cli	npm	0.3.0; 0.2.0
@antv/gl-matrix	npm	2.9.1; 2.8.1
@antv/gpt-vis	npm	1.2.0; 1.1.0
@antv/gpt-vis-ssr	npm	0.5.7; 0.4.7
@antv/graphin	npm	3.2.5; 3.1.5
@antv/graphin-components	npm	2.6.1; 2.5.1
@antv/graphin-graphscope	npm	1.2.5; 1.1.5
@antv/graphin-icons	npm	1.2.0; 1.1.0
@antv/graphlib	npm	2.1.4; 2.2.4
@antv/hierarchy	npm	0.9.1; 0.8.1
@antv/infographic	npm	0.4.19; 0.3.19
@antv/insight-component	npm	1.2.0; 1.1.0
@antv/interaction	npm	0.3.5; 0.2.5
@antv/istanbul	npm	0.2.0; 0.1.0
@antv/knowledge	npm	1.3.4; 1.2.4
@antv/l7	npm	2.27.10; 2.26.10
@antv/l7-component	npm	2.27.10; 2.26.10
@antv/l7-composite-layers	npm	0.19.1; 0.18.1
@antv/l7-core	npm	2.27.10; 2.26.10
@antv/l7-district	npm	2.5.12; 2.4.12
@antv/l7-draw	npm	3.3.5; 3.2.5
@antv/l7-editor	npm	1.3.13; 1.2.13
@antv/l7-extension-g-layer	npm	1.2.0; 1.1.0
@antv/l7-layers	npm	2.27.10; 2.26.10
@antv/l7-leaflet	npm	1.2.2; 1.1.2
@antv/l7-map	npm	2.27.10; 2.26.10
@antv/l7-mapkit	npm	0.7.0; 0.6.0
@antv/l7-maps	npm	2.27.10; 2.26.10
@antv/l7-mini	npm	2.22.8; 2.21.8
@antv/l7-pass	npm	1.2.0; 1.1.0
@antv/l7-react	npm	2.6.3; 2.5.3
@antv/l7-renderer	npm	2.27.10; 2.26.10
@antv/l7-scene	npm	2.27.10; 2.26.10
@antv/l7-source	npm	2.27.10; 2.26.10
@antv/l7-three	npm	2.27.10; 2.26.10
@antv/l7-utils	npm	2.27.10; 2.26.10
@antv/l7plot	npm	0.7.11; 0.6.11
@antv/l7plot-component	npm	0.2.11; 0.1.11
@antv/larkmap	npm	1.7.1; 1.6.1
@antv/layout-gpu	npm	1.3.7; 1.2.7
@antv/layout-wasm	npm	1.6.2; 1.5.2
@antv/li-aiearth-assets	npm	0.6.7; 0.5.7
@antv/li-analysis-assets	npm	1.10.1; 1.11.1
@antv/li-core-assets	npm	1.5.7; 1.4.7
@antv/li-editor	npm	1.7.1; 1.8.1
@antv/li-p2	npm	1.10.2; 1.9.2
@antv/li-sam-assets	npm	0.3.4; 0.2.4
@antv/li-sdk	npm	1.7.1; 1.6.1
@antv/lite-insight	npm	2.3.1; 2.2.1
@antv/matrix-util	npm	3.2.4; 3.1.4
@antv/mcp-server-antv	npm	0.3.8; 0.2.8
@antv/mcp-server-chart	npm	0.11.10; 0.10.10
@antv/my-f2	npm	2.3.7; 2.2.7
@antv/my-f2-pc	npm	0.3.1; 0.2.1
@antv/narrative-text-editor	npm	0.4.20; 0.3.20
@antv/narrative-text-schema	npm	0.5.7; 0.4.7
@antv/narrative-text-vis	npm	0.5.16; 0.4.16
@antv/path-util	npm	3.2.1; 3.1.1
@antv/react-g	npm	2.3.1; 2.2.1
@antv/s2	npm	2.9.1; 2.8.1
@antv/s2-react	npm	2.5.1; 2.4.1
@antv/s2-react-components	npm	2.3.2; 2.2.2
@antv/s2-ssr	npm	0.3.1; 0.2.1
@antv/s2-vue	npm	2.4.0; 2.3.0
@antv/sam	npm	0.4.0; 0.3.0
@antv/scale	npm	0.7.2; 0.6.2
@antv/semantic-release-pnpm	npm	1.2.4; 1.1.4
@antv/smart-color	npm	0.4.1; 0.3.1
@antv/stat	npm	0.2.2; 0.1.2
@antv/t8	npm	0.5.0; 0.4.0
@antv/thumbnails	npm	2.2.0; 2.1.0
@antv/thumbnails-component	npm	2.2.0; 2.1.0
@antv/torch	npm	1.2.6; 1.1.6
@antv/translator	npm	1.2.1; 1.1.1
@antv/util	npm	3.5.11; 3.4.11
@antv/vendor	npm	1.1.11; 1.2.11
@antv/vis-predict-engine	npm	0.3.1; 0.2.1
@antv/webgpu-graph	npm	1.2.0; 1.1.0
@antv/word-scale-chart	npm	0.5.4; 0.4.4
@antv/wx-f2	npm	2.3.1; 2.2.1
@antv/x6	npm	3.2.7; 3.3.7
@antv/x6-angular-shape	npm	3.2.1; 3.1.1
@antv/x6-common	npm	2.2.17; 2.1.17
@antv/x6-components	npm	0.12.7; 0.11.7
@antv/x6-geometry	npm	2.2.5; 2.1.5
@antv/x6-plugin-clipboard	npm	2.3.6; 2.2.6
@antv/x6-plugin-dnd	npm	2.3.1; 2.2.1
@antv/x6-plugin-export	npm	2.3.6; 2.2.6
@antv/x6-plugin-history	npm	2.4.4; 2.3.4
@antv/x6-plugin-keyboard	npm	2.4.3; 2.3.3
@antv/x6-plugin-minimap	npm	2.2.7; 2.1.7
@antv/x6-plugin-scroller	npm	2.2.10; 2.1.10
@antv/x6-plugin-selection	npm	2.4.2; 2.3.2
@antv/x6-plugin-snapline	npm	2.3.7; 2.2.7
@antv/x6-plugin-stencil	npm	2.3.5; 2.2.5
@antv/x6-plugin-transform	npm	2.3.8; 2.2.8
@antv/x6-react	npm	0.3.26; 0.2.26
@antv/x6-react-components	npm	2.2.9; 2.1.9
@antv/x6-react-shape	npm	3.2.1; 3.1.1
@antv/x6-vector	npm	1.6.2; 1.5.2
@antv/x6-vue-shape	npm	3.2.2; 3.1.2
@antv/x6-vue3-shape	npm	1.2.0; 1.1.0
@antv/xflow	npm	2.3.13; 2.2.13
@antv/xflow-core	npm	1.2.55; 1.1.55
@antv/xflow-diff	npm	1.2.0; 1.1.0
@antv/xflow-extension	npm	1.2.55; 1.1.55
@antv/xflow-hook	npm	1.2.55; 1.1.55
@lint-md/cli	npm	2.2.0; 2.1.0
@lint-md/core	npm	2.2.0; 2.1.0
@lint-md/parser	npm	0.2.14; 0.1.14
@openclaw-cn/cli	npm	1.4.1
@openclaw-cn/feishu	npm	0.2.11
@openclaw-cn/libsignal	npm	2.1.1
@openclaw-cn/toutiao-ops	npm	1.2.4
@starmind/collector-cli	npm	0.3.10