#npm

April 4: Audre Lorde (1934-1992), "A Lover's Song," 1968: oliviacirce.dreamwidth.org/439187.html #npm

National Poetry Month, Independent Bookstore Day, and So Much More! — Rutherford Arts Alliance There's a lot going on this April in the literary world of Rutherford County! Check it out!

This month's blog for the Rutherford Arts Alliance is up! From #nationalpoetrymonth to #independentbookstoreday, there's a lot going on this month--including two workshops with me!! www.rutherfordartsalliance.org/news/2026/4/...

#npm #murfreesboro #smyrna #localarts #writing #reading #tennessee #tn

The Hidden Blast Radius of the Axios Compromise - Socket The Axios compromise shows how time-dependent dependency resolution makes exposure harder to detect and contain.

The Hidden Blast Radius of the Axios Compromise, by @ahmadnassri@mastodon.online (@socketsecurity@fosstodon.org):

socket.dev/blog/hidden-blast-radius...

#dependencies #npm #security

Bookmark from Four-eyed Grog Bookstore in Gualala, California along with a chapbook of poems by Edna St. Vincent Millay


Whimsical metal frog sculptures


It’s #NationalPoetryMonth so of course I had to buy this little chapbook of ESVM’s poems printed by Underground Books in NYC, and found at Four-Eyed Frog Books in Gualala, just north of Sea Ranch on the NorCal coast. A gem of a bookstore! #poetry #NPM


April 3: Li-Young Lee, "One Heart," 2001 (and shout-out to @thefourthvine.bsky.social ❤️): oliviacirce.dreamwidth.org/439029.html #npm

What To Know in JavaScript (2026 Edition) An overview of what's new in language features, frameworks, runtimes, build tools, testing, and more.

#Development #Overviews
What to know in JavaScript 2026 · ECMAScript, frameworks, runtimes, build tools, testing, npm ilo.im/16bwb5 by Chris Coyier

_____
#EcmaScript #JavaScript #TypeScript #Runtimes #Bundlers #Frameworks #Npm #DevOps #WebDev #Frontend #Backend

axios compromised on npm: maintainer account hijacked, RAT deployed Malicious axios versions 1.14.1 and 0.30.4 were published via a hijacked maintainer account. A hidden dependency deploys a cross-platform RAT. Check if you are affected and remediate now.

Bleah. I come back to work after two weeks and find a two-day old message that the #axios #npm package has been compromised. Fortunately, we don't seem to have been affected, but .... that could be bad.

Axios NPM Supply Chain Attack

~Talos~
Malicious Axios npm packages (v1.14.1, v0.30.4) were deployed to deliver a RAT and steal credentials.
-
IOCs: 142[. ]11[. ]206[. ]73, Sfrclak[. ]com
-
#SupplyChain #ThreatIntel #npm

Axios npm Compromise via Social Engineering

~Socket~
Axios maintainer confirms a targeted social engineering attack hijacked active sessions to publish a remote access trojan to npm.
-
IOCs: (None identified)
-
#SupplyChain #ThreatIntel #npm

The Axios Supply Chain Attack and Sapphire Sleet's Cross-Platform RAT - LobSec Technical analysis of the Axios supply chain attack on npm. Learn the infection mechanics of the Sapphire Sleet RAT and SOC mitigation strategies.

🔗 blog.lobsec.com/2026...

#Cybersecurity #DevSecOps #MalwareAnalysis #npm #InfoSec #ThreatHunting

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineering campaign orchestrated by North Korean threat actors tracked as UNC1069. Maintainer Jason Saayman said the attackers tailored their social engineering efforts "specifically to me" by first approaching him under the guise of the founder of a

iT4iNT SERVER UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack VDS VPS Cloud #CyberSecurity #SupplyChainAttack #SocialEngineering #npm #Axios

March 2026 Supply Chain Attacks: TeamPCP & Axios Analyzed A technical breakdown of the March 2026 supply chain attacks, examining how threat actors like TeamPCP and UNC1069 compromised Trivy, LiteLLM, and Axios—and how to stop them.

The March 2026 supply chain attacks are rewriting the rules of developer security. 🚨

Read the full deep-dive: www.security.land/2026-supply-...

#SecurityLand #BreachBreakdown #SupplyChainAttack #NPM #Cybersecurity #Axios #Trivy #TeamPCP #UNC1069


100 million weekly downloads. One malicious package. Your machine is now a botnet. 💀 This is the scariest NPM mash ever. #JavaScript #PotatoSecurity #WebDev #NPM #CodeReport


#Axios has over 70 million weekly #npm downloads. On March 31, 2026, two malicious packages impersonating new Axios versions were published. If you didn't notice, no worries — your CI/CD pipeline probably didn't either. Time to check those lockfiles.

Master the data flow: Discover step-by-step how Axios processes your POST requests and handles promises. 🚀

#programming #coding #webdev #devs #softwaredevelopment #axios #npm #nodejs


The Axios npm attack exposed a massive supply chain blind spot: `postinstall` scripts. North Korea-linked hackers deployed a RAT via a trusted package. Are your dev machines safe?

thepixelspulse.com/posts/axios-supply-chain...

#axios #npm #supplychainattack


April 2: Clint Smith, "For the Hardest Days," 2016: oliviacirce.dreamwidth.org/438530.html #npm

The Axios npm Supply Chain Attack (March 2026): A 2-Second Breach Window That Compromised the… You run npm install. It’s muscle memory at this point.

The scariest part of the Axios npm attack?

Not the malware.

The timing.

~2 seconds after install → C2 connection → RAT deployed.

All via a hidden dependency + postinstall script.

No code changes. No red flags.

Deep dive 👇 #infosec #javascript #npm

javascript.plainenglish.io/the-axios-np...

Axios Compromise Blast Radius

~Socket~
Dynamic executions via npx and unpinned dependency ranges exposed CI systems and CLIs to the malicious Axios 1.14.1 release.
-
IOCs: axios@1. 14. 1, plain-crypto-js@4. 2. 1
-
#SupplyChain #ThreatIntel #npm

Axios npm attack causes JavaScript supply chain chaos Security teams are grappling with a major supply chain attack on Axios, a popular JavaScript library with over 100 million weekly downloads.

North Korean state actor Sapphire Sleet compromised the project’s lead maintainer by stealing a long-lived npm access token. #javascript #axios #npm #js #infosec #devsecops #supplychain #opensource #technology

Axios npm Compromise

~Crowdstrike~
STARDUST CHOLLIMA likely compromised the Axios npm package to deploy ZshBucket malware.
-
IOCs: sfrclak. com, 142. 11. 206. 73, 23. 254. 203. 244
-
#Malware #ThreatIntel #npm


HTTP client Axios compromised

@AWNetworks #Angriffsfläche #ArcticWolf #Axios #BuildTimeTool #Cybersecurity #Cybersicherheit #NPM #SBOM

netzpalaver.de/2026/...


Happy National Poetry Month!

💗📝🌻

Anyone trying for 30/30? Let’s cheer each other on! I’m super rusty and hadn’t written anything new in at least a year.
Writing prompts always welcome.

#NPM
#NPWM
#SpringThings
#HappySpring
#APoemADay
#BleatsFromTheVoid


Anthropic accidentally leaked Claude Code's full source code through npm packaging error. Over 500,000 lines across 2,000 TypeScript files exposed via map file. Discovered March 31, forked 40k+ times before takedown. Human error during release process. #AI #security #npm

Simpsons meme: 0 days without a vulnerability in the JS dependencies


Another day in JavaScript paradise...

#JavaScript #NPM #DependencyHell


One npm package. Millions affected. Supply chain attacks are now the biggest dev risk.

#TrendThursday #CyberSecurity #SupplyChainAttack #npm #DevSecOps


@skolinkvisition.bsky.social @asa.tsbalans.se

#Val2026 #skolan #utbildning #bildning #NPM

axios Compromised on npm - Malicious Versions Drop Remote Access Trojan - StepSecurity Hijacked maintainer account used to publish poisoned axios releases including 1.14.1 and 0.30.4. The attacker injected a hidden dependency that drops a cross platform RAT. We are actively investigating and will update this post with a full technical analysis.

📢 PUBLIC SERVICE ANNOUNCEMENT 📢

There’s a nasty RAT (Remote Access Trojan) exploit in #Axios.

- #Fireship overview: www.youtube.com/watch?v=o7N...
- Check if you’re compromised (via #StepSecurity): tinyurl.com/38mx9dve

#JavaScript #WebDev #npm

the WORST hack of 2026 YouTube video by NetworkChuck

This #hack of #npm is a disaster.

If you aren't well-versed enough with NPM and finding #dependencies, this video will give you a mini-deep-dive and help you gauge your risk and do some triage... Watch for the terminal commands.

youtu.be/eGSsoSEppNU

Supply Chain Attack on Axios Pulls Malicious Dependency from... A supply chain attack on Axios introduced a malicious dependency, plain-crypto-js@4.2.1, published minutes earlier and absent from the project’s GitHu...

socket.dev/blog/axios-n...

#npm #js #javascript #hacking #security #packageManager #axios
