The malicious versions of axios differed from legitimate releases by including a dependency on plain-crypto-js, a trojanized package. These versions were published directly via a compromised maintainer account and later removed from npm following disclosure. Due to the short e...

The malicious versions of axios differed from legitimate releases by including a dependency on plain-crypto-js, a trojanized package. These versions were published directly via a compromised maintainer account and later removed from npm following disclosure. Due to the short e...

Source: Wiz
Source Link: https://threats.wiz.io/all-incidents/axios-supply-chain-attack