devsimsek
@devsimsek@universeodon.com
Hardware and software enthusiast. Pixelfed: @devsimsek
universeodon.com
🚨 Two posts in one day. I might be back.
First: the Axios npm supply chain attack. 83M weekly downloads.
Compromised. A RAT delivered via postinstall. Turns out npm install
is just... running code as you. Treat it like one.
→ https://smsk.dev/2026/03/31/npm-install-is-not-your-friend-either-the-axios-supply-chain-attack/
Second: I finally caved and set up Proxmox. I was wrong to wait
this long. That's all I'll say until you read it.
→ https://smsk.dev/2026/03/31/proxmox-i-was-wrong-to-wait/
Send help (or coffee). ☕
#Proxmox #npm #SupplyChain #InfoSec #WebDev #OpenSource #JavaScript
stux⚡️
@stux@mstdn.social
From the Netherlands 🇳🇱 Social media needs to be fun, safe and secure again. Our team and I are working hard to keep that possible here for you♥️
mstdn.social
#Axios #npm Package Compromised: Supply Chain Attack Delivers Cross-Platform #RAT
https://snyk.io/blog/axios-npm-package-compromised-supply-chain-attack-delivers-cross-platform/
https://techcrunch.com/2026/03/31/hacker-hijacks-axios-open-source-project-used-by-millions-to-push-malware/