One of the most popular JavaScript packages on earth, Axios, has been compromised

The Axios NPM package has been compromised and the maintainer of the project has been locked out of their account. This will go down in history as one of the most successful software supply chain attacks ever.

💥 https://opensourcemalware.com/blog/axios-compromised

#javascript #axios #webdev #npm #js #dev #compression #softwareattribution #web #webdev #successful #attack #plaincryptojs #malware

@kubikpixel

when i tried nodejs for the first time, i needed ONE lib and it downloaded 200+ packages
that's when i knew this system is total fubar and i terminated my nodejs career immediately

@pmj @kubikpixel

Typosquatting or packages with name similarities infected Python and Ruby some years ago. Ugly, but fixable.

NPM is controlled by Microslop via Gitslop.