Fuwn Fuwn

Axios npm Supply Chain Compromise — Full Analysis Package

Date: 2026-03-31 | Attribution: BlueNoroff / Lazarus Group (HIGH confidence) Attack: Maintainer account hijacked, cross-platform RAT deployed via axios@1.14.1 and axios@0.30.4

What happened

On March 30-31, 2026, the npm package axios (~83M weekly downloads) was compromised through a maintainer account hijack. Two malicious versions injected plain-crypto-js@4.2.1, an obfuscated dropper that deploys platform-specific RATs (Windows PowerShell, macOS Mach-O C++, Linux Python). The macOS RAT is classified as NukeSped (Lazarus-exclusive). The internal project name macWebT links directly to BlueNoroff's documented RustBucket webT module from 2023.

File Index

Rust

Your code can be perfect

%% As developers we build critical infrastructure, it's time to build it in a language designed to build critical infrastructure. %%

The Freenode resignation FAQ, or: "what the fuck is going on?"

IMPORTANT NOTE:

It's come to my attention that some people have been spamming issue trackers with a link to this gist. While it's a good idea to inform people of the situation in principle, please do not do this. By all means spread the word in the communities that you are a part of, after verifying that they are not aware yet, but unsolicited spam is not helpful. It will just frustrate people.

Update 3 (May 24, 2021)

A number of things have happened since the last update.

-Xmx6G -Xms6G -XX:+UseG1GC -Dsun.rmi.dgc.server.gcInterval=2147483646 -XX:+UnlockExperimentalVMOptions -XX:G1NewSizePercent=20 -XX:G1ReservePercent=20 -XX:MaxGCPauseMillis=50 -XX:G1HeapRegionSize=32M

source: https://www.reddit.com/r/feedthebeast/comments/5jhuk9/modded_mc_and_memory_usage_a_history_with_a/
replace: -Xmx6G -Xms6G w/ right amount
along with the latest Java 8 64bits

Cでジェネリック

Cでもジェネリックが使える

関数オーバーロードみたいな感じ

引数の型によって関数の動作を変えたい

前に任意の型を引数に取る関数の実装を行ったが、なかなか無理があった。

あれではまだ満足出来ない。

与えた引数の型からマクロが呼び出す関数を変えるようにしたい。

GPG signing –

Here is a short guide that will help you setup your environment to create signed commits or signed tags with Git locally. This has been extensively tested on Windows with Git and the Github Desktop application: I use it every day for my professional development projects.

I you face any issue, feel free to leave a comment below.

	#!/usr/bin/env bash
	set -euo pipefail

	# patch-claude-code.sh — Rebalance Claude Code prompts to fix corner-cutting behavior
	#
	# What this does:
	# Patches the npm-installed @anthropic-ai/claude-code cli.js to rebalance
	# system prompt instructions that cause the model to cut corners, simplify
	# excessively, and defer complicated work.
	#

	type Fix<A> = (arg: Fix<A>) => A

	type Unit = <T>(
	unit: () => T
	) => T;

	type Bool = <T>(
	$true: () => T,
	$false: () => T,
	) => T;

	let x(t) = distance from dest on x
	let y(t) = distance from dest on y
	let z(t) = distance from dest on z
	let r(t)^2 = x(t)^2 + y(t)^2 + z(t)^2
	let f(t) = force

	x(0) initial condition
	y(0) initial condition
	z(0) initial condition
	f(t)

	var index = 0;
	if (confirm(`Are you sure you want to DELETE ALL your entries in this section?`)) {
	$("a.animetitle").each(function () {
	var animeLink = $(this).attr("href");
	var animeId = animeLink.substring(
	animeLink.lastIndexOf("anime/") + 6,
	animeLink.lastIndexOf("/")
	);
	var deleteUrl = `/ownlist/anime/${animeId}/delete`;
	setTimeout(function () {