Axios JavaScript library has been compromised with malware in supply chain attack

qaz@lemmy.world · 9 days ago

Axios JavaScript library has been compromised with malware in supply chain attack

Eskuero@lemmy.fromshado.ws · 9 days ago

You can mitigate similar attacks by editing your .npmrc

min-release-age=7 # days
ignore-scripts=true

PetteriPano@lemmy.world · 9 days ago

It’s a good way to keep the exploit around for seven days, too, if you apply it right away.

TechnoCat@piefed.social · 9 days ago

I always advocate switching to pnpm where install scripts are disabled by default. It has plenty of security features to ward off most supply chain attacks.

Axios JavaScript library has been compromised with malware in supply chain attack

Axios JavaScript library has been compromised with malware in supply chain attack

axios@1.14.1 and axios@0.30.4 are compromised · Issue #10604 · axios/axios