Breaking News: Axios Hacked, Anthropic Leaked!


Two major security incidents hit the npm ecosystem on March 31st. First, the Axios npm package was hijacked by a North Korean threat actor (UNC1069), who compromised the lead maintainer's account and pushed malicious versions containing a phantom dependency that installed a remote access Trojan to harvest AWS keys, GitHub tokens, and database passwords. Developers who ran npm install during a specific window should assume full machine compromise and revoke all credentials. Second, Anthropic leaked 512,000 lines of proprietary Claude Code CLI source code through an accidentally included source map file, revealing internal model codenames, agentic orchestration logic, performance optimizations, and an 'undercover mode' for employee open source contributions. The leak is particularly damaging given Anthropic's rumored $60B IPO plans.

7m watch time
