npm

2 posts

Axios Compromise: What Actually Happened

An analysis of the axios supply chain compromise, focusing on how compromised credentials enabled malicious code distribution and why trust in software registries without verification is a systemic risk.

Apr 3, 2026

Article

The Advisory Told You to Update. It Didn't Tell You What's Already Running.

Patching the advisory isn't enough. If your CI pipeline ran during the compromise window, the compromised code is baked into your container images and still running. Here's how to find it.

Apr 2, 2026