A supply chain attack has compromised the Axios npm package by introducing a malicious dependency, plain-crypto-js@4.2.1, published just minutes before the affected Axios release. The compromised versions (axios@1.14.1 and axios@0.30.4) do not appear in Axios's official GitHub tags, suggesting the publish occurred outside the