axios Compromised on npm - Malicious Versions Drop Remote Access Trojan - StepSecurity Hijacked maintainer account used to publish poisoned axios releases including 1.14.1 and 0.30.4. The attacker injected a hidden dependency that drops a cross platform RAT. We are actively investigatin...

'No Way To Prevent This,' Says Only Package Repo Where This Regularly Happens
www.stepsecurity.io/blog/axios-c...

Too early.

Yup, it's me! Used to be @gavinatkinson on that other site. Not that I post much anywhere these days...