Attackers stole a long-lived npm access token belonging to the lead maintainer of axios, the most popular HTTP client library in JavaScript, and used it to publish two poisoned versions that install a ...
A widely used JavaScript package used with over a hundred million weekly downloads has been compromised in a new supply chain attack to fetch a malware payload for Windows, Linux systems and macOS ...