@kaxil
Last active March 31, 2026 11:14
Blocks package managers without native date-gating (pip, cargo, go, gem, yarn).
Were you hit by the axios supply chain attack?

Check for the RAT payload first:

```bash
# Test each indicator path on its own: `ls a b` exits non-zero when either
# file is missing, so it would print "Clean" if only one of the two existed.
{ [ -e /Library/Caches/com.apple.act.mond ] || [ -e /tmp/ld.py ]; } && echo "INFECTED" || echo "Clean"
```

Then check if you ever resolved the bad versions:

```bash
# -E: extended regex, so the two versions can be grouped as (a|b) portably
find ~ -maxdepth 8 \( -name 'package-lock.json' -o -name 'pnpm-lock.yaml' -o -name 'yarn.lock' \) -exec grep -lE 'axios.*(1\.14\.1|0\.30\.4)' {} +
```

If both come back clean, you're good. If the second finds something but the first is clean, you resolved the version but may have been saved by `--ignore-scripts` or a lock file.

Permanent fix (5 min): add `min-release-age=7` to your `~/.npmrc`. npm won't install anything published less than 7 days ago. pnpm, bun, and uv have equivalents too.
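A line-by-line grep can miss resolved versions because package-lock.json v2/v3 and yarn.lock put the package name and its `version` on different lines. The scanner below is an added example, not the gist author's code: it parses each lockfile format for the two versions the gist names (1.14.1 and 0.30.4), walks a tree to the same depth as the gist's `find ~ -maxdepth 8`, and tests the two indicator paths one at a time. The sample lockfile snippets are constructed for the dry run and are not real project files.

```python
"""Scan lockfiles for the axios versions named in the gist (1.14.1, 0.30.4).

Added example, not the gist author's code. Each lockfile format is parsed
rather than grepped, because package-lock.json v2/v3 and yarn.lock put the
package name and its version on separate lines.
"""
import json
import re
from pathlib import Path

BAD_AXIOS_VERSIONS = {"1.14.1", "0.30.4"}  # versions named in the gist


def package_lock_versions(text):
    """All axios versions resolved in a package-lock.json (lockfileVersion 1, 2 or 3)."""
    data = json.loads(text)
    found = set()
    # lockfileVersion 2/3: "packages" is keyed by path, e.g. "node_modules/axios"
    for path, entry in data.get("packages", {}).items():
        if path.split("node_modules/")[-1] == "axios" and "version" in entry:
            found.add(entry["version"])

    # lockfileVersion 1 (kept in v2 as well): nested "dependencies" tree
    def walk(deps):
        for name, entry in deps.items():
            if name == "axios" and "version" in entry:
                found.add(entry["version"])
            walk(entry.get("dependencies", {}))

    walk(data.get("dependencies", {}))
    return found


def yarn_lock_versions(text):
    """yarn.lock: an unindented header such as `"axios@^1.14.0":` is followed by
    an indented `version "1.14.1"` (classic) or `version: 1.14.1` (berry) line."""
    found = set()
    in_axios_entry = False
    for line in text.splitlines():
        if line and not line[0].isspace() and not line.startswith("#"):
            specs = [s.strip().strip('"') for s in line.rstrip(":").split(",")]
            in_axios_entry = any(s.startswith("axios@") for s in specs)
        elif in_axios_entry:
            m = re.match(r'\s+version:?\s+"?([^"\s]+)"?', line)
            if m:
                found.add(m.group(1))
    return found


def pnpm_lock_versions(text):
    """pnpm-lock.yaml: package keys look like `axios@1.14.1:` (v9),
    `/axios@1.14.1:` (v6) or `/axios/1.14.1:` (v5)."""
    found = set()
    for line in text.splitlines():
        m = re.match(r"^\s*/?axios[@/]([0-9][^:\s(]*)", line)
        if m:
            found.add(m.group(1))
    return found


LOCKFILE_PARSERS = {
    "package-lock.json": package_lock_versions,
    "npm-shrinkwrap.json": package_lock_versions,
    "yarn.lock": yarn_lock_versions,
    "pnpm-lock.yaml": pnpm_lock_versions,
}


def bad_axios_versions(filename, text):
    """The subset of BAD_AXIOS_VERSIONS resolved in this lockfile text (empty if clean)."""
    parser = LOCKFILE_PARSERS.get(Path(filename).name)
    return parser(text) & BAD_AXIOS_VERSIONS if parser else set()


def scan_tree(root, max_depth=8):
    """Walk `root` like the gist's `find ~ -maxdepth 8` and map affected lockfiles to versions."""
    root = Path(root)
    hits = {}
    for path in root.rglob("*"):
        if path.name not in LOCKFILE_PARSERS or not path.is_file():
            continue
        if len(path.relative_to(root).parts) > max_depth:
            continue
        try:
            bad = bad_axios_versions(path.name, path.read_text(encoding="utf-8", errors="replace"))
        except (ValueError, OSError):
            continue  # malformed or unreadable lockfile: skip it rather than abort the scan
        if bad:
            hits[str(path)] = sorted(bad)
    return hits


# Indicator paths from the gist, tested one at a time (unlike `ls a b`, which
# exits non-zero when either path is missing).
INDICATOR_PATHS = ["/Library/Caches/com.apple.act.mond", "/tmp/ld.py"]


def present_indicators(paths=INDICATOR_PATHS):
    """Indicator paths that exist on this machine (empty list means none found)."""
    return [p for p in paths if Path(p).exists()]


# Constructed sample lockfiles (not real project files) for a dry run.
SAMPLE_PACKAGE_LOCK_V3 = json.dumps({
    "name": "demo", "lockfileVersion": 3,
    "packages": {"": {"dependencies": {"axios": "^1.14.0"}},
                 "node_modules/axios": {"version": "1.14.1"}},
})
SAMPLE_YARN_LOCK = '# yarn lockfile v1\n\n"axios@^1.14.0":\n  version "1.14.1"\n'
SAMPLE_PNPM_LOCK = "lockfileVersion: '9.0'\npackages:\n  axios@1.13.0:\n    resolution: {integrity: sha512-PLACEHOLDER}\n"

if __name__ == "__main__":
    for name, text in [("package-lock.json", SAMPLE_PACKAGE_LOCK_V3),
                       ("yarn.lock", SAMPLE_YARN_LOCK), ("pnpm-lock.yaml", SAMPLE_PNPM_LOCK)]:
        print(f"{name}: {sorted(bad_axios_versions(name, text)) or 'clean'}")
    print("indicators present:", present_indicators() or "none")
    print("lockfiles under ~ resolving a bad version:", scan_tree(Path.home()) or "none")
```

`scan_tree(Path.home())` is the parsed-lockfile equivalent of the gist's `find` line; a non-empty result means the bad version was resolved at some point, which, as the gist says, does not by itself mean the install script ran.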