Axios npm packages were compromised in supply chain attack, with malicious code pushed through official releases
VPN Central [Unofficial]
March 31, 2026
Axios users need to check their projects right away. Security researchers say two real Axios releases, 1.14.1 and 0.30.4, were maliciously published to npm after a maintainer account was likely hijacked, turning one of JavaScript’s most-used HTTP libraries into an active supply chain attack vector. The poisoned releases pulled in plain-crypto-js@4.2.1, a package that researchers […]
The post Axios npm packages were compromised in supply chain attack, with malicious code pushed through official releases appeared first on VPN Central.