more details: https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan Most likely, a maintainer's GitHub and npm accounts are compromised as these iss...
I was reading through the thread, and it looks like the package managers have implemented an option that says “only install package versions that are X minutes/days old”. The idea is NPM has had time to act before your package manager installs that new version.
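The age gate described in the comment above, sketched as an added example (not code from the thread or from any package manager): given a version-to-publish-time map, pick the newest release that has been public for at least the configured number of minutes. The package name `example-lib`, its versions and timestamps, and the function names are constructed for illustration.

```javascript
// Constructed registry metadata for a hypothetical package. The "time" map
// (version -> publish timestamp) follows the shape of npm registry metadata.
const packument = {
  name: "example-lib",
  "dist-tags": { latest: "1.4.1" },
  time: {
    created: "2024-01-10T09:00:00.000Z",
    modified: "2025-06-02T08:05:00.000Z",
    "1.3.0": "2025-03-01T12:00:00.000Z",
    "1.4.0": "2025-05-20T12:00:00.000Z",
    "1.4.1": "2025-06-02T08:00:00.000Z", // published one hour before checkTime
  },
};

// Parse "MAJOR.MINOR.PATCH"; return null for prereleases and non-version keys.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  return m ? m.slice(1).map(Number) : null;
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

// Return the highest stable version published at least minAgeMinutes before
// `now`, or null if every release is still inside the waiting window.
function pickAgedVersion(meta, minAgeMinutes, now = new Date()) {
  const cutoff = now.getTime() - minAgeMinutes * 60_000;
  let best = null;
  for (const [version, published] of Object.entries(meta.time)) {
    const parsed = parseVersion(version); // also skips "created"/"modified"
    const ts = Date.parse(published);
    if (!parsed || Number.isNaN(ts) || ts > cutoff) continue;
    if (!best || compareVersions(parsed, best.parsed) > 0) best = { version, parsed };
  }
  return best ? best.version : null;
}

// Fixed clock so the result is reproducible.
const checkTime = new Date("2025-06-02T09:00:00.000Z");
console.log("no gate:   ", pickAgedVersion(packument, 0, checkTime));
console.log("7-day gate:", pickAgedVersion(packument, 7 * 24 * 60, checkTime));
```

With no gate the resolver takes the release that is an hour old; with a seven-day gate it stays on the previous release until the new one has aged past the window.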