On March 31, 2026 (UTC), the primary npm maintainer account (jasonsaayman) for the axios HTTP client was compromised. The attacker published two malicious versions:
axios@1.14.1 (tagged latest)axios@0.30.4 (tagged legacy)Both versions inject a hidden dependency (plain-crypto-js@4.2.1) that executes a postinstall hook dropping a cross-platform Remote Access Trojan (RAT). The malware self-destructs and replaces its own package.json to hide evidence.
| using GitHub.Copilot.SDK; | |
| // ── Config ────────────────────────────────────────────────────────── | |
| var endpoint = "https://<YOUR_ENDPOINT>.openai.azure.com/openai/deployments/<DEPLOYMENT>"; | |
| var apiKey = "<YOUR_API_KEY>"; | |
| var model = "<DEPLOYMENT_NAME>"; // e.g. "gpt-5.2-chat" | |
| // ── Create client ─────────────────────────────────────────────────── | |
| await using var client = new CopilotClient(); | |
| await client.StartAsync(); |
| :global cfu do={\ | |
| :local cfzoneid "<zone ID>";\ | |
| :local cfrecordid "<zone record ID>";\ | |
| :local cfdomain "<A record name>";\ | |
| :local cftoken "<cloudflare API token>";\ | |
| :local cfip [/ip cloud get public-address];\ | |
| :local cfproxied true;\ | |
| :local date [/system clock get date];\ | |
| :local time [/system clock get time];\ | |
| :local cfcomment "Updated by Mikrotik Cloudflare DDNS Script at $date $time";\ |
| package main | |
| import ( | |
| "context" | |
| "fmt" | |
| "github.com/docker/cli/cli/connhelper" | |
| "github.com/docker/docker/api/types" | |
| "github.com/docker/docker/client" | |
| "net/http" | |
| "os" |
| import React from 'react'; | |
| import { Flex } from '@chakra-ui/react'; | |
| import { PlayingCard, ALL_RANKS, ALL_SUITS } from './PlayingCard'; | |
| export function AllCards() { | |
| return ( | |
| <Flex flexWrap="wrap" gap={5} mt={20} padding={10}> | |
| {ALL_RANKS.map((rank) => | |
| ALL_SUITS.map((suit, idx) => ( | |
| <PlayingCard key={idx} suit={suit} rank={rank} width="22%" minWidth="200px" /> |
| import React from 'react'; | |
| import { IconBaseProps } from 'react-icons'; | |
| import { | |
| GiCardAceDiamonds, | |
| GiCard2Diamonds, | |
| GiCard3Diamonds, | |
| GiCard4Diamonds, | |
| GiCard5Diamonds, | |
| GiCard6Diamonds, | |
| GiCard7Diamonds, |
| package me.nathanjohnson | |
| import android.util.Log | |
| import kotlin.reflect.KClass | |
| /** | |
| * Transition from one state to another on a specific event. | |
| */ | |
| data class StateTransition<StateT, ResourceT>( |
| import subprocess | |
| import json | |
| from json.decoder import JSONDecodeError | |
| import subprocess | |
| from typing import Union, Any | |
| from termcolor import colored | |
| import shlex | |
| def run_pwsh( |
| def run_cmd_tty_stream(cmd, bytes_input=b''): | |
| """Streams the output of cmd with bytes_input to stdin, | |
| with stdin, stdout and stderr as TTYs. | |
| Each yield from this function is a tuple of (stream name [str], data [bytes]) | |
| Adapted from https://stackoverflow.com/a/52954716/507629 | |
| and https://gist.github.com/hayd/4f46a68fc697ba8888a7b517a414583e | |
| """ | |
| # provide tty to enable line-buffering |
| import subprocess | |
| import json | |
| from json.decoder import JSONDecodeError | |
| import errno | |
| import os | |
| import pty | |
| import select | |
| import subprocess | |
| import re | |
| from typing import Tuple, Any, Union |