{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreidqyg4ypqo6mog7bh5o2lpoqzlrmdzxgh7wsbchad5ykl5dslios4",
    "uri": "at://did:plc:6wtxqaikjf62unmnajbfbq5v/app.bsky.feed.post/3mifnffoam6v2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreihsvfpil7luhdjoythguy2nggbv535pxb564fsobgeywy6ezggg7y"
    },
    "mimeType": "image/webp",
    "size": 25320
  },
  "path": "/axios-npm-packages-were-compromised-in-supply-chain-attack-with-malicious-code-pushed-through-official-releases/",
  "publishedAt": "2026-03-31T09:04:12.000Z",
  "site": "https://vpncentral.com",
  "tags": [
    "News",
    "Axios npm packages were compromised in supply chain attack, with malicious code pushed through official releases",
    "VPN Central"
  ],
  "textContent": "Axios users need to check their projects right away. Security researchers say two real Axios releases, 1.14.1 and 0.30.4, were maliciously published to npm after a maintainer account was likely hijacked, turning one of JavaScript’s most-used HTTP libraries into an active supply chain attack vector. The poisoned releases pulled in plain-crypto-js@4.2.1, a package that researchers […]\n\nThe post Axios npm packages were compromised in supply chain attack, with malicious code pushed through official releases appeared first on VPN Central.",
  "title": "Axios npm packages were compromised in supply chain attack, with malicious code pushed through official releases"
}