Kyro38Apr 3

Post Mortem: axios NPM supply chain compromise

https://github.com/axios/axios/issues/10636

Post Mortem: axios npm supply chain compromise · Issue #10636 · axios/axios

Post Mortem: axios npm supply chain compromise Date: March 31, 2026 Author: Jason Saayman Status: Remediation in progress On March 31, 2026, two malicious versions of axios (1.14.1 and 0.30.4) were...

GitHub
Show threaduticus

> March 31, around 01:00 UTC: community members file issues reporting the compromise. The attacker deletes them using the compromised account.

Interesting it got caught when it did.

Apr 3 at 1:30amWeb