🧨 Axios only needed to be resolved somewhere in your dependency graph to affect you.

Semver + transitive deps + runtime installs = hidden blast radius.

If you only checked your project’s lockfile, you may still not know.

https://socket.dev/blog/hidden-blast-radius-of-the-axios-compromise #nodejs

The Hidden Blast Radius of the Axios Compromise - Socket

The Axios compromise shows how time-dependent dependency resolution makes exposure harder to detect and contain.
