RC RANDOM CHAOS

open source security

2 posts

Article

How Identity Presentation Without Verification Enabled a Credential Compromise

A breakdown of how the Axios npm credential breach occurred due to identity presentation without technical validation, highlighting systemic risks in open-source infrastructure.

Article

The Real Failure in the axios npm Compromise Wasn't Code - It Was Trust

The [email protected] and [email protected] npm compromise was not a code flaw - it was a failure in trust validation. Credential theft enabled persistent supply chain poisoning because MFA and session verification were not enforced at every publish event.