Axios npm Supply Chain Attack: Malicious Versions Drop Remote Access Trojan
Two poisoned releases of axios, one of the most widely used Node.js HTTP client libraries, were published and pulled from npm within hours. Here's what happened, how the attack worked, and what you need to do right now.