Axios, Super Popular NPM Package, Was Compromised in Attack on the Module’s Maintainer

Daring Fireball
By John GruberApr 2, 2026, 2:42 pm186 pts
StepSecurity: If you have installed axios@1.14.1 or axios@0.30.4, assume your system is compromised. There are zero lines of malicious code inside axios itself, and that’s exactly what makes this attack so dangerous. Both poisoned releases inject a fake dependency, plain-crypto-js@4.2.1, a package never…

Read Article Share
Share Article
- email
- x.com
- facebook
- pocket
- reddit
- tumblr
- linkedin
- pinterest

Trending Today on MacHash

Mac OS X Cheetah Successfully Ported to Nintendo Wii 270

OpenAI Adds New $100/Month ChatGPT Subscription Tier for Heavier Codex Use 263

Apple Mac Shipments Grew 9% in Q1 2026, Outpacing Overall PC Market 257

New Apple TV movie starring Keanu Reeves now available to stream 250

Researchers detail how a prompt injection attack bypassed Apple Intelligence protections 235

If your Mac is having Wi-Fi issues, macOS 26.4.1 is here to help 227

Apple Apparently Still Undecided on iPhone 18 Pro Dynamic Island 226

Why more carmakers race to adopt iPhone car keys 226

About MacHash

MacHash is your real-time Apple news aggregator, delivering the latest headlines on Apple, Mac, iPhone, iPad, and iOS from top sources across the web.

As a powerful content discovery platform, MacHash continuously curates breaking news, product announcements, software updates, reviews, and industry insights related to Apple Inc. and its ecosystem.

MacHash helps you stay informed on everything from macOS and iOS developments to Apple Watch, AirPods, and the latest in tech and app innovation.

Access MacHash from your desktop or mobile device to explore, follow, and share the most trusted Apple news all in one place.