https://okulbida.com/tags/axios/ Recent content in axios on Oleksandr Kulbida Hugo -- gohugo.io Sat, 04 Apr 2026 00:00:00 +0200 https://okulbida.com/posts/axios-npm-supply-chain-min-release-age/ Sat, 04 Apr 2026 00:00:00 +0200 https://okulbida.com/posts/axios-npm-supply-chain-min-release-age/ In late March 2026, compromised axios builds briefly appeared on the npm registry (for example 1.14.1 and 0.30.4 on affected release lines). Attackers added a malicious dependency and used lifecycle scripts so a npm install could pull down far more than an HTTP client — a pattern we have seen before in registry incidents, not a bug in axios’ normal code. The bad versions were taken down quickly, but any machine or CI job that installed them in that window should be treated as potentially affected: rotate secrets where relevant, check install logs and lockfiles, and pin to known-good versions (axios at or below 1.