Native JSON modules are finally real. Matt Smith explains how import attributes let you load JSON files directly with import data from 'data.json' with { type: 'json' }, no bundler required. Browsers and runtimes handle JSON modules natively with explicit type declarations, eliminating build-time transformations and establishing a foundation for future structured module types. #json #js
https://allthingssmitty.com/2026/03/16/native-json-modules-are-finally-real/
Нативные JSON-модули наконец-то стали реальностью. Мэтт Смит объясняет, как атрибуты импорта позволяют загружать JSON-файлы напрямую через import data from 'data.json' with { type: 'json' } без сборщика. Браузеры и рантаймы обрабатывают JSON-модули нативно с явным указанием типа, что избавляет от трансформаций на этапе сборки и закладывает основу для будущих типов модулей. #json #js
https://allthingssmitty.com/2026/03/16/native-json-modules-are-finally-real/
is #js the next #java applets, some may remember, there were so many viruses and hacks has been happening with #applets around 2000s at the end they drop the applets totally.
Now having #dependabot or #snyk is like just bringing a new security hole strangely opposite the intention.
Probably better to not upgrade if all versions are secure and stay there forever 😃
https://blog.gslin.org/archives/2026/04/01/12962/axios-%e8%a2%ab%e6%a4%8d-malware/
axios 被植 malware
#attack #axios #bun #chain #code #ecosystem #javascript #js #malicious #malware #npm #pnpm #python #security #supply #uv
昨天的大新聞,這次的 supply chain attack 爆在 axios 上:「axios Compromised on npm - Malicious Versions Drop Remote Access Trojan (via)」,除非你的專案有刻意避開,儘量使用原生的 Fetch API 處理,不然幾乎都會用到,如果剛好在這段時間 npm update 的話就會中... 透過 dependency + postinstall 執行 malicious code: The malicious versions inject a new dependency, [email protected].
#axios #npm got hacked / inserted a #RAT
Make sure to immediately disconnect your Machine from the #internet and check your NPM/Axios Version.
Learn more here: https://youtu.be/o7NYXvYohYk
Please #boost this Post! 
#code #coding #hack #compromised #npm #dev #devnews #it #itnews #urgentnews #psa #publicsafety #JS #webdev #webdevs #webdeveloper #webdeveloment
One of the most popular JavaScript packages on earth Axios has been compromised
The Axios NPM package has been compromised and the maintainer of the project has been locked out of their account. This will go down in history as one of the most successful software supply chain attacks ever
💥 https://opensourcemalware.com/blog/axios-compromised
#javascript #axios #webdev #npm #js #dev #compression #softwareattribution #web #webdev #successful #attack #plaincryptojs #malware
RE: https://techhub.social/@Techmeme/116322870856344339
Why do people use Axios instead of the native Fetch API in 2026?
Hijacked maintainer account used to publish poisoned axios releases including 1.14.1 and 0.30.4. The attacker injected a hidden dependency that drops a cross platform RAT. We are actively investigating and will update this post with a full technical analysis.
Web Standards
Веб-стандарты
Özkan Pakdil
Gea-Suan Lin
𝒏𝒂𝒌𝒂𝒆𝒏𝒐
𝕂𝚞𝚋𝚒𝚔ℙ𝚒𝚡𝚎𝚕
Jeremiah Lee
ThinkingElixir
Thinking Elixir
Andrey [0xdc, 0x09];