
fix(incident): add manual intel for the May 2026 @antv npm compromise #134

Merged: garagon merged 3 commits into main from fix/incident-intel-antv-2026-05 on May 19, 2026


garagon (Owner) commented May 19, 2026

Summary

Adds known-compromised package/version entries for the May 2026 npm supply-chain incident affecting the AntV visualization libraries and a small set of related packages.

The embedded OSV snapshot did not carry these tuples at the time of writing, so aguara check returned clean on installed trees and pnpm-lock.yaml lockfiles that pinned the malicious versions.

Coverage added (npm ecosystem)

| Package | Versions | npm registry deprecated field |
| --- | --- | --- |
| @antv/g2 | 5.5.8, 5.6.8 | "risk" |
| @antv/g6 | 5.2.1, 5.3.1 | "SECURITY: This version was published with a compromised key. Do not use this version." |
| @antv/x6 | 3.2.7, 3.3.7 | "This version was published in error..." |
| @antv/l7 | 2.26.10, 2.27.10 | "恶意版本" (malicious version) |
| @antv/f2 | 5.16.0 | "risk" |
| @antv/data-set | 0.12.8, 0.13.8 | "This version was published in error..." |
| echarts-for-react | 3.0.7, 3.1.7, 3.2.7 | "This version was published in error..." |
| timeago.js | 4.1.2 | "This version was published in error..." |
| size-sensor | 1.0.4, 1.1.4, 1.2.4 | "This version was published in error..." |
| canvas-nest.js | 2.2.4 | "This version was published in error..." |

Verification policy

Every entry is verified against registry.npmjs.org. The deprecated field on the version must carry an explicit security, "risk", "published in error", or malicious-version notice from the package maintainer. Versions without that registry-side signal were omitted even when third-party trackers list the package.

The TanStack / Mistral / UiPath wave reported in the same campaign is already covered by the embedded OSV snapshot (MAL-2026-3432 and adjacent MAL-2026-* records) and is not duplicated here.

Snapshot freshness

knownCompromisedGeneratedAt is bumped to 2026-05-19 so the manual snapshot's GeneratedAt covers the new entries. A regression test (TestKnownCompromisedSnapshotGeneratedAtCoversFreshestEntry) walks KnownCompromised, parses every Date string, and requires snap.GeneratedAt >= max(Date). Future intel additions that forget the bump fail the suite with a direct pointer at intel_adapter.go.

Tests

  • TestCheckNPM_MiniShaiHulud_AntvWave: installed-tree (node_modules) path emits CRITICAL with the advisory ID in the finding title; covers one scoped and one unscoped package.
  • TestCheckNPM_MiniShaiHulud_NeighborVersionDoesNotFalsePositive: pins adjacent clean versions; asserts no findings. Regression guard against accidental range expansion in future intel updates.
  • TestCheck_PnpmLockMiniShaiHuludAntvFiresFinding: new testdata/pnpm-mini-shai-hulud-antv/pnpm-lock.yaml fixture wired through the full CLI; asserts CRITICAL on a pre-install pnpm-lock.yaml (no node_modules present).
  • TestKnownCompromisedSnapshotGeneratedAtCoversFreshestEntry: new freshness guard described above.
  • Existing TestKnownCompromisedSnapshotParity continues to pass and exercises every new entry through the intel matcher path.

End-to-end side-by-side

docker run --rm --network none -v /tmp/fixture:/repo:ro \
  ghcr.io/garagon/aguara:0.18.0 check /repo --format json
# findings_count: 0

docker run --rm --network none -v /tmp/fixture:/repo:ro \
  <this-branch-image> check /repo --format json
# findings_count: 2
# - CRITICAL @antv/g2 5.6.8 is a known compromised npm package (SOCKET-2026-05-19-mini-shai-hulud-antv)
# - CRITICAL echarts-for-react 3.2.7 is a known compromised npm package (SOCKET-2026-05-19-mini-shai-hulud-antv)

Scope

  • Data-only addition to KnownCompromised.
  • One-line timestamp bump on knownCompromisedGeneratedAt.
  • No schema change.
  • No new analyzer, no new rule, no behavioral detection.
  • No CHANGELOG entry (will land with the v0.18.1 release prep).

Test plan

  • go test -race -count=1 ./... clean
  • go vet ./... clean
  • golangci-lint run ./... 0 issues
  • VERSION=v0.18.0 .github/scripts/check-version-pins.sh clean
  • Side-by-side Docker E2E against ghcr.io/garagon/aguara:0.18.0 shows the gap closes
  • CI green on this PR
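
The exact-tuple matching that the neighbor-version and pnpm-lock tests above guard, as an added Go example; it is not code from this PR or from aguara. The table, the function names and the lockfile excerpt are assumptions, and keys are assumed to use the `name@version` form with an optional leading `/` and peer-dependency suffix.

```go
package main

import (
	"fmt"
	"strings"
)

// knownBad is a hypothetical exact-match table with a subset of the PR's tuples.
var knownBad = map[string]bool{"@antv/g2@5.5.8": true, "@antv/g2@5.6.8": true, "echarts-for-react@3.2.7": true}

// sampleLock is a constructed excerpt (not the PR's fixture); key styles are mixed on purpose.
const sampleLock = `packages:
  '@antv/g2@5.6.8':
  '@antv/g2@5.6.7':
  /echarts-for-react@3.2.7(react@18.2.0):
snapshots:
  '@antv/g2@5.6.8':
`

// splitLockKey turns a key such as "/@antv/g2@5.6.8(react@18.2.0):" into name and version.
func splitLockKey(key string) (name, version string, ok bool) {
	key = strings.TrimPrefix(strings.Trim(strings.TrimSpace(key), `'":`), "/")
	if i := strings.Index(key, "("); i >= 0 {
		key = key[:i] // drop the peer-dependency suffix
	}
	at := strings.LastIndex(key, "@") // index 0 is the scope marker, not a separator
	if at <= 0 || at == len(key)-1 {
		return "", "", false
	}
	return key[:at], key[at+1:], true
}

// scanLock reports each known-bad tuple pinned in the lockfile text exactly once.
func scanLock(lock string) []string {
	var findings []string
	seen := map[string]bool{}
	for _, line := range strings.Split(lock, "\n") {
		name, ver, ok := splitLockKey(line)
		id := name + "@" + ver // string equality only: no semver ranges or prefixes
		if !ok || !knownBad[id] || seen[id] {
			continue
		}
		seen[id] = true
		findings = append(findings, fmt.Sprintf("CRITICAL %s %s is a known compromised npm package", name, ver))
	}
	return findings
}

func main() { fmt.Println(strings.Join(scanLock(sampleLock), "\n")) }
```

Version 5.6.7 in the excerpt stands for any version absent from the table: it produces no finding, and the tuple repeated under `snapshots:` is reported once.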

garagon added 3 commits May 19, 2026 02:01
Adds known-compromised package/version entries for the May 2026 npm
supply-chain incident affecting the AntV visualization libraries and
a small set of related packages. The embedded OSV snapshot did not
carry these tuples at the time of writing, so aguara check returned
clean on installed trees and pnpm-lock.yaml lockfiles that pinned
the malicious versions.

Coverage added (npm ecosystem):
  - @antv/g2          5.5.8, 5.6.8
  - @antv/g6          5.2.1, 5.3.1
  - @antv/x6          3.2.7, 3.3.7
  - @antv/l7          2.26.10, 2.27.10
  - @antv/f2          5.16.0
  - @antv/data-set    0.12.8, 0.13.8
  - echarts-for-react 3.0.7, 3.1.7, 3.2.7
  - timeago.js        4.1.2
  - size-sensor       1.0.4, 1.1.4, 1.2.4
  - canvas-nest.js    2.2.4

Every entry is verified against the npm registry: the registry's
deprecated field on the version carries an explicit security,
"risk", "published in error", or malicious-version notice from the
package maintainer. Versions without that registry-side signal are
intentionally omitted even when third-party trackers list the
package.

The TanStack / Mistral / UiPath wave reported in the same campaign
is already covered by the embedded OSV snapshot (MAL-2026-3432 and
adjacent MAL-2026-* records) and is not duplicated here.

Tests:
  - TestCheckNPM_MiniShaiHulud_AntvWave verifies the installed-tree
    (node_modules) path emits CRITICAL findings with the advisory
    ID in the title for one scoped and one unscoped package.
  - TestCheckNPM_MiniShaiHulud_NeighborVersionDoesNotFalsePositive
    pins adjacent clean versions and asserts no findings, guarding
    against accidental range expansion in future intel updates.
  - TestCheck_PnpmLockMiniShaiHuludAntvFiresFinding wires the new
    testdata/pnpm-mini-shai-hulud-antv fixture through the full
    CLI dispatch, asserting CRITICAL findings on a pre-install
    pnpm-lock.yaml (no node_modules present).

Existing TestKnownCompromisedSnapshotParity continues to pass and
exercises every new entry through the intel matcher path.

Bumps knownCompromisedGeneratedAt to 2026-05-19 so the manual
snapshot's GeneratedAt covers the freshest entry added in this
branch. Without the bump, `aguara check --format json` would report
an intel freshness timestamp older than the very incident it just
detected, which breaks dashboards that gate on intel age.

Adds TestKnownCompromisedSnapshotGeneratedAtCoversFreshestEntry
which walks KnownCompromised, parses each Date string, and
requires snap.GeneratedAt >= max(Date). The test fails with a
direct error message pointing at intel_adapter.go and the entry
that triggered the violation, so the next person to add manual
intel sees exactly what to bump.
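
The freshness invariant from the commit message above (`GeneratedAt >= max(Date)`), as an added Go example; it is not the project's test or its types. The `entry` and `snapshot` types, the `YYYY-MM-DD` date layout, the `example-pkg` name and all dates in the sample are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"time"
)

// entry and snapshot are hypothetical stand-ins for the project's intel types.
type entry struct{ Name, Version, Date string }

type snapshot struct {
	GeneratedAt time.Time
	Entries     []entry
}

const day = "2006-01-02" // assumed layout of the Date strings

// checkFreshness enforces GeneratedAt >= max(Date) and names the offending entry.
func checkFreshness(s snapshot) error {
	var latest time.Time
	var newest entry
	for _, e := range s.Entries {
		d, err := time.Parse(day, e.Date)
		if err != nil {
			return fmt.Errorf("%s@%s: unparseable Date %q", e.Name, e.Version, e.Date)
		}
		if d.After(latest) {
			latest, newest = d, e
		}
	}
	if s.GeneratedAt.Before(latest) {
		return fmt.Errorf("GeneratedAt %s predates %s@%s (%s); bump the snapshot timestamp",
			s.GeneratedAt.Format(day), newest.Name, newest.Version, newest.Date)
	}
	return nil
}

// sample builds a constructed snapshot; the entry dates are illustrative.
func sample(generatedAt string) snapshot {
	t, _ := time.Parse(day, generatedAt)
	return snapshot{GeneratedAt: t, Entries: []entry{
		{"example-pkg", "1.0.0", "2026-04-02"},
		{"@antv/g2", "5.6.8", "2026-05-19"},
	}}
}

func main() {
	fmt.Println(checkFreshness(sample("2026-05-01"))) // stale timestamp: error
	fmt.Println(checkFreshness(sample("2026-05-19"))) // bumped timestamp: <nil>
}
```
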
@garagon garagon merged commit c02e059 into main May 19, 2026
2 checks passed
@garagon garagon deleted the fix/incident-intel-antv-2026-05 branch May 19, 2026 05:14