- cross-posted to:
- opensource@programming.dev
I was reading through the thread, and it looks like the package managers have implemented an option that says “only install package versions that are X minutes/days old”. The idea is NPM has had time to act before your package manager installs that new version.
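The age gate described in the comment above, as an added example that is not part of the thread or of any package manager's code: it picks the newest stable version whose publish timestamp, read from the `time` map of npm registry metadata, is at least N days old. The packument is constructed sample data, and the package name and function names are hypothetical.

```javascript
// Added example: minimum-release-age ("cooldown") filter over npm registry metadata.
// Constructed sample packument; the package name and all dates are made up.
const DAY_MS = 24 * 60 * 60 * 1000;

const samplePackument = {
  name: "example-http-client", // hypothetical package
  versions: { "1.4.0": {}, "1.4.1": {}, "1.5.0": {}, "2.0.0-beta.1": {} },
  time: {
    created: "2024-01-01T00:00:00.000Z",
    modified: "2025-06-10T08:00:00.000Z",
    "1.4.0": "2025-03-01T12:00:00.000Z",
    "1.4.1": "2025-05-20T09:30:00.000Z",
    "1.5.0": "2025-06-10T08:00:00.000Z", // published 12 hours before "now" below
    "2.0.0-beta.1": "2025-04-01T00:00:00.000Z",
  },
};

// Parse plain x.y.z; return null for prereleases or anything unexpected.
function parseStable(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(version);
  return m ? m.slice(1).map(Number) : null;
}

function compareParts(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// Return the highest stable version published at least minAgeDays before `now`,
// or null if none qualifies. A version with no timestamp is rejected (fail closed).
function newestAgedVersion(packument, minAgeDays, now = new Date()) {
  const cutoff = now.getTime() - minAgeDays * DAY_MS;
  let best = null;
  for (const version of Object.keys(packument.versions || {})) {
    const parts = parseStable(version);
    const published = Date.parse((packument.time || {})[version]);
    if (!parts || Number.isNaN(published) || published > cutoff) continue;
    if (!best || compareParts(parts, best.parts) > 0) best = { version, parts };
  }
  return best ? best.version : null;
}

const now = new Date("2025-06-10T20:00:00.000Z"); // fixed clock for a repeatable run
console.log("7-day gate:", newestAgedVersion(samplePackument, 7, now));
console.log("no gate:   ", newestAgedVersion(samplePackument, 0, now));
```

With the 7-day gate the freshly published release is skipped in favour of the previous one, which is the window the comment describes for the registry to react.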
I was trying to figure out why people still use Axios, when the built-in `fetch` works just fine. Is it because people are still sending XML requests?
It provides a lot of nice syntactic sugar that you would otherwise have to write a wrapper for on top of Fetch. Built in request interception, request transformation, (de)serialization, shared request config, timeout/retries management, …
Though this definitely comes with bloat and supply chain risks.
Because most projects are legacy projects.
Really sophisticated attack




