CIRCLE WITH A DOT

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

🦋 🚨 Active supply chain attack on axios@1.14.1.

1 Posts 1 Posters 0 Views

B This user is from outside of this forum
B This user is from outside of this forum
bloglab@mstdn.feddit.social

wrote last edited by

#1

Active supply chain attack on axios@1.14.1. The latest version pulls in plain-crypto-js@4.2.1 -- a brand-new package that didn't exist before today.
We're still investigating. If you use axios, pin your version and audit your lockfile. https://socket.dev/blog/axios-npm-package-compromised
https://bsky.app/profile/socket.dev/post/3mid7jgod6c2h
#Security #SupplyChain #Bluesky
1 Reply Last reply
1
0
R relay@relay.infosec.exchange shared this topic

Log in to reply