Socket🚨 Active supply chain attack on [email protected]. The latest version pulls in [email protected] -- a brand-new package that didn't exist before today.
We're still investigating. If you use axios, pin your version and audit your lockfile.
Supply Chain Attack on Axios Pulls Malicious Dependency from...
A supply chain attack on Axios introduced a malicious dependency, [email protected], published minutes earlier and absent from the project’s GitHu...
joriki