DigiNews

Tech Watch by Johan Denoyer


Post Mortem: axios npm supply chain compromise

Quality: 8/10 Relevance: 9/10

Summary

Two malicious axios versions were published to npm through a compromised maintainer account; both injected a remote access trojan into installs that resolved them. The post mortem covers the timeline, the remediation steps, and the security improvements made afterwards, such as immutable releases and OIDC-based publishing in place of long-lived tokens. It draws out lessons for package maintainers, for CI pipelines that consume packages, and for organizations relying on open source dependencies.

🚀 Service built by Johan Denoyer