<![CDATA[🦋 🚨 Active supply chain attack on axios@1.14.1.]]>🦋 🚨 Active supply chain attack on axios@1.14.1. The latest version pulls in plain-crypto-js@4.2.1 -- a brand-new package that didn't exist before today.

We're still investigating. If you use axios, pin your version and audit your lockfile. https://socket.dev/blog/axios-npm-package-compromised

🔗 https://bsky.app/profile/socket.dev/post/3mid7jgod6c2h

]]>https://board.circlewithadot.net/topic/46e019b9-fc87-41bf-9181-75103bf1fbfe/active-supply-chain-attack-on-axios@1.14.1.RSS for NodeThu, 09 Apr 2026 19:09:25 GMTTue, 31 Mar 2026 07:30:41 GMT60