Malicious Axios Releases Raise Supply-Chain Risk for Crypto Apps, Socket Says

Malicious versions of Axios, a widely used JavaScript package on npm, were published with a hidden dependency that could expose apps—including crypto projects—to a supply-chain attack. Socket Security said the poisoned releases could be pulled automatically by projects using caret version ranges, and noted Axios has roughly 100 million weekly downloads. Developers were advised to check for axios@1.14.1, axios@0.30.4, and plain-crypto-js@4.2.1 and roll back if found.
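The rollback advice above hinges on two checks a developer can script: whether a lockfile already contains one of the named releases, and whether a caret range in package.json would resolve to one on the next fresh install. The Node.js script below is an added example, not code from Socket Security or the Axios project. It assumes the npm lockfile v2/v3 layout (a `packages` map keyed by `node_modules/<name>` paths) and implements a deliberately narrow range check that understands only caret ranges and exact pins; the sample lockfile and package.json are constructed for the demonstration.

```javascript
// Added example (not from the Socket advisory or the Axios project): scan an
// npm lockfile and package.json for the releases named in the advisory, and
// show why a caret range would have pulled them in automatically.

// Versions the advisory tells developers to look for.
const AFFECTED = [
  { name: "axios", version: "1.14.1" },
  { name: "axios", version: "0.30.4" },
  { name: "plain-crypto-js", version: "4.2.1" },
];

// Parse "MAJOR.MINOR.PATCH" into numbers. Pre-release tags are not handled
// here; this is a simplified check, not a full semver implementation.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(v.trim());
  if (!m) throw new Error(`not a semver version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// npm caret semantics: ^1.13.0 admits >=1.13.0 <2.0.0, ^0.30.0 admits
// >=0.30.0 <0.31.0, and ^0.0.3 admits only 0.0.3. An exact pin admits only
// itself. Other operators (~, >=, ||) are rejected so they are not silently
// misclassified as safe.
function rangeAllows(range, version) {
  const r = range.trim();
  if (r.startsWith("^")) {
    const base = r.slice(1);
    const [bMaj, bMin] = parseVersion(base);
    const [vMaj, vMin] = parseVersion(version);
    if (compareVersions(version, base) < 0) return false;
    if (bMaj > 0) return vMaj === bMaj;
    if (bMin > 0) return vMaj === 0 && vMin === bMin;
    return compareVersions(version, base) === 0;
  }
  if (/^v?\d+\.\d+\.\d+$/.test(r)) return compareVersions(r, version) === 0;
  throw new Error(`unsupported range (only caret and exact pins): ${range}`);
}

// Lockfile v2/v3 layout assumed: lock.packages maps "node_modules/<name>"
// (possibly nested under other node_modules/ segments) to { version }.
function findAffectedInLock(lock) {
  const hits = [];
  for (const [key, entry] of Object.entries(lock.packages || {})) {
    const idx = key.lastIndexOf("node_modules/");
    if (idx === -1) continue; // the root project entry has key ""
    const name = key.slice(idx + "node_modules/".length);
    for (const a of AFFECTED) {
      if (a.name === name && entry.version === a.version) {
        hits.push({ path: key, name, version: entry.version });
      }
    }
  }
  return hits;
}

// Declared ranges that would resolve to an affected version on a fresh
// install, even if the lockfile currently pins something else.
function findExposedRanges(pkg) {
  const exposed = [];
  const deps = { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
  for (const [name, range] of Object.entries(deps)) {
    for (const a of AFFECTED) {
      if (a.name === name && rangeAllows(range, a.version)) {
        exposed.push({ name, range, admits: a.version });
      }
    }
  }
  return exposed;
}

// Constructed sample inputs (not real project files).
const SAMPLE_PACKAGE_JSON = {
  dependencies: { axios: "^1.13.0", lodash: "4.17.21" },
};
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "sample-app", version: "1.0.0" },
    "node_modules/axios": { version: "1.14.1" },
    "node_modules/lodash": { version: "4.17.21" },
    "node_modules/some-wallet-lib/node_modules/plain-crypto-js": { version: "4.2.1" },
  },
};

console.log("installed affected versions:", findAffectedInLock(SAMPLE_LOCK));
console.log("ranges that admit an affected version:", findExposedRanges(SAMPLE_PACKAGE_JSON));
```

Against the sample data the lockfile scan reports both `axios@1.14.1` at the top level and `plain-crypto-js@4.2.1` nested under another dependency, and the range check flags `"axios": "^1.13.0"` because a caret on 1.13.0 admits 1.14.1. Replacing the constructed objects with `JSON.parse(fs.readFileSync("package-lock.json"))` and the project's package.json turns this into a one-off audit; the nested-path handling matters because a transitive dependency can carry the affected release even when the top-level manifest never mentions it.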