"On March 31, 2026, two malicious versions (1.14.1 and 0.30.4) of axios, the enormously popular JavaScript HTTP client with over 100 million weekly downloads, were briefly published to npm via a compromised maintainer account.

bettina@mastodon.nu

"On March 31, 2026, two malicious versions (1.14.1 and 0.30.4) of axios, the enormously popular JavaScript HTTP client with over 100 million weekly downloads, were briefly published to npm via a compromised maintainer account. The packages contained a hidden dependency that deployed a cross-platform remote access trojan (RAT) to any machine that ran npm install (or equivalent in other package managers like Bun) during a two-hour window."
https://snyk.io/blog/axios-npm-package-compromised-supply-chain-attack-delivers-cross-platform/

bettina@mastodon.nu

Bagefter kom jeg til at tænke på at det er første april... Håber ikke det er en joke...

lykkebrammer@mastodon.social

@bettina Det er med at passe lidt på i dag...

bettina@mastodon.nu

Nå, det var det desværre ikke, en joke... https://www.linkedin.com/posts/oddergaard_hvis-du-arbejdede-som-udvikler-mellem-kl-activity-7444822946092630018-6hzX