Jeff Geerling1d ago

Another day, another supply chain attack, this time Axios: https://github.com/axios/axios/issues/10604

Makes me glad I'm lazy and intentional about dependency updates. But it's a worrying trend. Soon we'll be tracking these things by the hour.

[email protected] and [email protected] are compromised · Issue #10604 · axios/axios

more details: https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan Most likely, a maintainer's GitHub and npm accounts are compromised as these iss...

GitHub
Show threadIan
@geerlingguy While the Node ecosystem being as popular as it is makes it a big target, it also means these issues have a lot of visibility leading to real change.
Mar 31 at 4:53amWeb