Axios JavaScript library has been compromised with malware in supply chain attack

github.com/axios/axios/issues/10604#issuecommen…

5 Comments

I was trying to figure out why people still use Axios, when the built-in fetch works just fine. Is it because people are still sending XML requests?

It provides a lot of nice syntactic sugar that you would otherwise have to write a wrapper for on top of Fetch.
Built in request interception, request transformation, (de)serialization, shared request config, timeout/retries management, ...

Though this definitely comes with bloat and supply chain risks.

Because most projects are legacy projects.

I was reading through the thread, and it looks like the package managers have implemented an option that says "only install package versions that are X minutes/days old". The idea is that NPM has had time to act before your package manager installs that new version.

Really sophisticated attack