Source
2026-03-31 07:54:49.000000
axios may be under active supply chain compromise.
The newest release reportedly pulls in a brand-new dependency that behaves like installer malware:
runtime deobfuscation, shell execution, temp-dir staging, artifact cleanup.
If you use axios:
pin now
freeze upgrades
audit lockfiles
check CI/CD installs
100M+ weekly downloads means this is not a niche incident.
It is blast-radius territory.
reference: https://x.com/feross/status/2038807290422370479
Quoted original
Feross (@feross) · Tue Mar 31 02:35:11 +0000 2026
🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages.
The latest axios@1.14.1 now pulls in plain-crypto-js@4.2.1, a package that did not exist before today. This is a live compromise.
This is textbook supply chain installer malware. axios
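An added example, not part of the draft or the quoted post: a Node.js check for the "audit lockfiles" step that scans a parsed package-lock.json for the two name@version pairs named in the quoted report. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example. The name@version pairs are the ones named in the quoted report.
const FLAGGED = new Set(['axios@1.14.1', 'plain-crypto-js@4.2.1']);

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"; "" (the root project) -> null.
function nameFromPath(p) {
  const i = p.lastIndexOf('node_modules/');
  return i === -1 ? null : p.slice(i + 'node_modules/'.length);
}

// Returns [{ name, version, path }] for each flagged entry in a parsed package-lock.json.
function findFlagged(lock, flagged = FLAGGED) {
  const hits = [];
  const check = (name, version, path) => {
    if (name && flagged.has(`${name}@${version}`)) hits.push({ name, version, path });
  };
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path; aliases carry a "name" field.
    for (const [path, meta] of Object.entries(lock.packages)) {
      check(meta.name || nameFromPath(path), meta.version, path);
    }
  } else {
    // lockfileVersion 1: nested "dependencies" tree, so transitive installs are walked too.
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        check(name, meta.version, [...trail, name].join(' > '));
        walk(meta.dependencies, [...trail, name]);
      }
    };
    walk(lock.dependencies, []);
  }
  return hits;
}

// Constructed sample lockfile (v3 shape), not taken from a real project.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '0.0.0' },
    'node_modules/axios': { version: '1.14.1' },
    'node_modules/axios/node_modules/plain-crypto-js': { version: '4.2.1' },
    'node_modules/left-pad': { version: '1.3.0' },
  },
};

// CLI (CommonJS): node audit-lock.js path/to/package-lock.json ; exit code 1 on any hit.
if (typeof require === 'function' && typeof module !== 'undefined' && require.main === module && process.argv[2]) {
  const hits = findFlagged(JSON.parse(require('fs').readFileSync(process.argv[2], 'utf8')));
  for (const h of hits) console.log(`${h.name}@${h.version}  ${h.path}`);
  process.exitCode = hits.length ? 1 : 0;
}
```

Run it against every lockfile that CI installs from, not only the repository root, since a transitive install can pull in the flagged version even when package.json never names it.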