Microsoft

Mitigating the Axios npm supply chain compromise

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

Popular web-code library poisoned by malicious release

'This is unironically a malware nuclear missile.' ...

Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...

A popular coding tool was hijacked to deliver malware.

A hacker took over an account belonging to the lead maintainer of the JavaScript library, Axios, which is used to handle HTTP requests, as reported by Cybernews. Security researchers found that ...

Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

Hackers compromise popular Axios Javascript library with hidden malware

The widely used Axios HTTP client library, a JavaScript component used by developers, was recently hacked to distribute ...
Windows Report

Axios Hack Bypasses GitHub Protections and Installs Hidden Malware on Systems

The popular JavaScript HTTP client Axios has been compromised in a supply chain attack, exposing projects to malware through ...
GitHub

JavaScript heap out of memory on install

Downloading @openai/[email protected]: 119.34 MB/119.34 MB, done Progress: resolved 1, reused 0, downloaded 0, added 0 <--- Last few GCs ---> [347:0xfffd4c010000] 11234 ms: Scavenge 397.2 (526.6) -> 397.2 ...
decrypt

North Korean Hackers Target Crypto Devs Through Open-Source Software Hub

Add Decrypt as your preferred source to see more of our stories on Google. More than 300 malicious code packages were uploaded to npm in what researchers call the “Contagious Interview” campaign. The ...