@socket.dev on Bluesky

JavaScript RequiredThis is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is. Learn more about Bluesky at bsky.social and atproto.com.

Post

Socket

socket.dev

did:plc:n6f3j47vjucu5ijwdmow7n2w

🚨 Active supply chain attack on axios@1.14.1. The latest version pulls in plain-crypto-js@4.2.1 -- a brand-new package that didn't exist before today. We're still investigating. If you use axios, pin your version and audit your lockfile. https://socket.dev/blog/axios-npm-package-compromised

2026-03-31T03:14:52.860Z