💥 Supply chain nightmare continues! Axios, a widely used HTTP client, got compromised.
Malicious versions:
- axios 1.14.1 (latest)
- axios 0.30.4 (legacy)
- plain-crypto-js 4.2.x (postinstall backdoor)
NPM supply chain attacks are becoming more common, so I put together a short cheat sheet you can keep around to secure your pipeline.

