axios npm package hit by supply-chain attack; malicious code found in v1.14.1

ME News reported that on March 31 (UTC+8), Yu Xian, founder of SlowMist, relayed an alert from Feross, founder of Socket AI, warning that axios—a core dependency in the npm ecosystem—is facing an active supply-chain attack. The latest release, axios@1.14.1, was reportedly injected with a previously unseen package, plaincryptojs@4.2.1. Socket AI’s analysis has identified plaincryptojs@4.2.1 as malware. With axios seeing more than 100 million weekly downloads, any project that pulls the latest version may be exposed to compromise. Feross urged axios users to pin their current versions immediately, audit their lock files, and avoid upgrading to the latest release. (Source: Foresight News)

Disclaimer: The content above is only the author's opinion and does not represent BingX’s stance. It shall not be construed as investment advice from BingX. For details, refer to the Terms and Conditions.

axios npm package hit by supply-chain attack; malicious code found in v1.14.1

Bitcoin’s $75K rebound faces fragile liquidity as analysts flag cascade risks

Strategy Bitcoin Treasury Reaches 761,068 BTC as AIs Map Path to 1 Million by 2026–2027

Ripple Unveils Full-Stack Institutional Platform in Brazil as Shiba Inu Futures OI Jumps 26% and XRP Holds $1.53 Support

Whales Accumulate 470 Million DOGE in 72 Hours as Dogecoin Holds Key Long-Term Support

SEC clears Nasdaq pilot for trading and settling tokenized equities onchain

Fed keeps benchmark rate at 3.5–3.75% as Middle East conflict and energy prices cloud outlook