https://okulbida.com/tags/ci-cd/ Recent content in ci-cd on Oleksandr Kulbida Hugo -- gohugo.io Sat, 04 Apr 2026 00:00:00 +0200 https://okulbida.com/posts/axios-npm-supply-chain-min-release-age/ Sat, 04 Apr 2026 00:00:00 +0200 https://okulbida.com/posts/axios-npm-supply-chain-min-release-age/ npm min-release-age Use npm ci, not npm install Hardening GitHub Actions Summary In late March 2026, compromised axios builds briefly appeared on the npm registry (for example 1.14.1 and 0.30.4 on affected release lines). Attackers added a malicious dependency and used lifecycle scripts so a npm install could pull down far more than an HTTP client — a pattern we have seen before in registry incidents, not a bug in axios’ normal code.