On March 31, 2026, one of the most operationally sophisticated supply chain attacks ever documented hit axios — an npm package with 83 million weekly downloads and adoption across virtually every JavaScript ecosystem.
An attacker compromised the npm credentials of jasonsaayman, the lead maintainer of axios. The attacker:
| .chat-message-wrapper { | |
| background: #240009; | |
| background: linear-gradient(115deg, rgba(36, 0, 9, 1) 25%, rgba(121, 9, 50, 1) 50%, rgba(255, 0, 77, 1) 100%); | |
| border: var(–border-size) solid rgba(255, 145, 178, 0.9); | |
| overflow: clip; | |
| padding: 10px 10px; | |
| margin: 20px 0; | |
| box-shadow: | |
| 0 20px 40px rgba(255, 0, 77, 0.3), | |
| 0 8px 16px rgba(121, 9, 50, 0.4), |
| { | |
| "version": 2, | |
| "type": "full", | |
| "values": { | |
| "p:0:chat.filtering.display-deleted": "DETAILED", | |
| "p:0:first_message_highlight.highlight_color": "#620F0F", | |
| "p:0:chat.tab-complete.prioritize-favorites": true, | |
| "p:0:chat.filtering.all-mentions": true, | |
| "p:0:first_message_highlight.first_time_chatter": true, | |
| "p:0:pubsub.enabled": true, |
| addEventListener('fetch', event => { | |
| event.respondWith(handleRequest(event.request)); | |
| }); | |
| async function handleRequest(request) { | |
| const url = new URL(request.url); | |
| const path = url.pathname; | |
| if (request.headers.get('Upgrade') === 'websocket') { | |
| return fetch(request, { |
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <script> | |
| sessionStorage.redirect = location.href; | |
| const projectPages = true; // If you're using the base .github.io domain without a path (i.e. <name>.github.io is your home page), set this to false | |
| const l = window.location; | |
| const repo = projectPages ? '/' + l.pathname.split('/')[1] : ''; | |
| l.replace( | |
| l.protocol + '//' + l.hostname + (l.port ? ':' + l.port : '') + repo |
| html.xmas .frosting::before { | |
| content: ''; | |
| display: block; | |
| position: absolute; | |
| top: -7px; | |
| left: -3px; | |
| right: 0; | |
| z-index: 999; | |
| height: 23px; | |
| background: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACsAAAAXCAYAAACS5bYWAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAABFpJREFUeNrUV0tIo1cUvpkYjQ4xxSA6DxuNqG0dtaUKOgs3s6i0dFd3pSsXdjeIixakiGA34sZuXCkoONLFwJTK4GMYLYXg29gatTpiXurkbd7vv9/5ub+IxuhA7eiFQ5Kbc8/57ne/e87/ywRBYLdl3GG3aNwqsLJ0k0tLS+fmcnNzWUVFBVMoFGx2djarvLxcm5OTw+bm5iytra2xc4ExNjY27iqVyvvwK6CpeDzuCYVC1urq6qDA9UcfPp+PHR4esmAwKK6tr68/l5/8rgQ2Ozub1dbWyiYmJooaGxt/VqvV38jlchX9l0qlwoFA4DWS/RKLxRxFRUVf5+XlPcaaT2AP0sVPJBL2SCRiAPBpu93+vKamZo/Ae71eZjabWV1dXVqw7CKwp43ksrCw8Bhg7MJ/PLDZ5PHx8cz29vYT5JGD/bSYLgTrcDgYdk6siSc6NjZWDaAe4ZoHQL+cmZnRpZPnhWDpD8kw7uKo9ML/NMCsd2tr61vkzboMrEyv138M7TyLRqMWMBsX3sMgaZhMpp+AR5EJrCocDpuEGzKg4x8khs+CVWxubvZfR9JkMik4nU7BarUKLpeLmLsKuwIqTLynp4fqmIzASrqQT09Pf1VVVfX0KsWZ6uHBwQHTaDSsoKAgo6/H4xHLEcrVyRwuEisrKzs5XrrIVAVwiUVDKRRrL+YI32ewdVhMApuHWvcj6vids6J2u90MF4yBHUZNgKoE |
| <script setup lang="ts"> | |
| import {isXmasTime} from "@/lib/dateTime"; | |
| // add xmas to your html class | |
| </script> | |
| <template> | |
| <div v-if="isXmasTime()" | |
| class="z-1199 absolute pointer-events-none opacity-50"> | |
| <template v-for="i in Array.from(Array(30).keys())" :key="i"> | |
| <div class="snowflake"></div> |
| [ApiController] | |
| [Tags("Media")] | |
| [ApiVersion(1.0)] | |
| [Authorize] | |
| [Route("api/v{version:apiVersion}")] | |
| public class HomeController : BaseController | |
| { | |
| [HttpGet] | |
| [Route("home")] | |
| public async Task<IActionResult> Home() |
| $noop( | |
| ######################################################################## | |
| # # | |
| # Picard File Naming Script 2020-11-15 # | |
| # Bob Swift [rdswift] # | |
| # # | |
| # License: GPLv3.0 # | |
| # # | |
| ######################################################################## | |
| # |