This is your reminder to make sure you’re using npm min-release-age, pnpm minimumReleaseAge, or yarn npmMinimalAgeGate to protect your projects. You should also check to ensure your projects are not already compromised. Joe Desimone: Any system that ran npm install (or equivalent) resolving axios@1.14.1 or axios@0.30.4 after 2026-03-31T00:21:58Z may have executed the stage-2 payload. See also the Stage 2 macOS trojan analysis for […]
No comments yet. Log in to reply on the Fediverse. Comments will appear here.