Kripto AlPiyasalarSpotVadeli İşlemlerGOLDBirikimEtkinlik Merkezi
Daha Fazla
Gold vs Crypto
The post Expert Warns of Critical, Ongoing Supply Chain Attack on Axios appeared on BitcoinEthereumNews.com. Home » Crypto News One of NPM’s most depended-on packagesThe post Expert Warns of Critical, Ongoing Supply Chain Attack on Axios appeared on BitcoinEthereumNews.com. Home » Crypto News One of NPM’s most depended-on packages

Expert Warns of Critical, Ongoing Supply Chain Attack on Axios

Yazar: BitcoinEthereumNews
Kaynak: BitcoinEthereumNews
2026/03/31 12:36
Okuma süresi: 3 dk
Helium Mobile
MOBILE$0.0001479-4.33%
Safe Road Club
SRC$0.001856+0.05%
NODE
NODE$0.01271-1.24%
Bu içerikle ilgili geri bildirim veya endişeleriniz için lütfen crypto.news@mexc.com üzerinden bizimle iletişime geçin.

Home » Crypto News


One of NPM’s most depended-on packages is under an ongoing supply chain attack.

‘;
}
function loadTrinityPlayer(targetWrapper, theme,extras=””) {
cleanupPlayer(targetWrapper); // Always clean first ✅
targetWrapper.classList.add(‘played’);
// Create script
const scriptEl = document.createElement(“script”);
scriptEl.setAttribute(“fetchpriority”, “high”);
scriptEl.setAttribute(“charset”, “UTF-8”);
const scriptURL = new URL(`https://trinitymedia.ai/player/trinity/2900019254/?themeAppearance=${theme}${extras}`);
scriptURL.searchParams.set(“pageURL”, window.location.href);
scriptEl.src = scriptURL.toString();
// Insert player
const placeholder = targetWrapper.querySelector(“.add-before-this”);
placeholder.parentNode.insertBefore(scriptEl, placeholder.nextSibling);
}
function getTheme() {
return document.body.classList.contains(“dark”) ? “dark” : “light”;
}
// Initial Load for Desktop
if (window.innerWidth > 768) {
const desktopBtn = document.getElementById(“desktopPlayBtn”);
if (desktopBtn) {
desktopBtn.addEventListener(“click”, function () {
const desktopWrapper = document.querySelector(“.desktop-player-wrapper.trinity-player-iframe-wrapper”);
if (desktopWrapper) loadTrinityPlayer(desktopWrapper, getTheme(),’&autoplay=1′);
});
}
}
// Mobile Button Click
const mobileBtn = document.getElementById(“mobilePlayBtn”);
if (mobileBtn) {
mobileBtn.addEventListener(“click”, function () {
const mobileWrapper = document.querySelector(“.mobile-player-wrapper.trinity-player-iframe-wrapper”);
if (mobileWrapper) loadTrinityPlayer(mobileWrapper, getTheme(),’&autoplay=1′);
});
}
function reInitButton(container,html){
container.innerHTML = ” + html;
}
// Theme switcher
const destroyButton = document.getElementById(“checkbox”);
if (destroyButton) {
destroyButton.addEventListener(“click”, () => {
setTimeout(() => {
const theme = getTheme();
if (window.innerWidth > 768) {
const desktopWrapper = document.querySelector(“.desktop-player-wrapper.trinity-player-iframe-wrapper”);
if(desktopWrapper.classList.contains(‘played’)){
loadTrinityPlayer(desktopWrapper, theme,’&autoplay=1′);
}else{
reInitButton(desktopWrapper,’Listen‘)
const desktopBtn = document.getElementById(“desktopPlayBtn”);
if (desktopBtn) {
desktopBtn.addEventListener(“click”, function () {
const desktopWrapper = document.querySelector(“.desktop-player-wrapper.trinity-player-iframe-wrapper”);
if (desktopWrapper) loadTrinityPlayer(desktopWrapper,theme,’&autoplay=1’);
});
}
}
} else {
const mobileWrapper = document.querySelector(“.mobile-player-wrapper.trinity-player-iframe-wrapper”);
if(mobileWrapper.classList.contains(‘played’)){
loadTrinityPlayer(mobileWrapper, theme,’&autoplay=1′);
}else{
const mobileBtn = document.getElementById(“mobilePlayBtn”);
if (mobileBtn) {
mobileBtn.addEventListener(“click”, function () {
const mobileWrapper = document.querySelector(“.mobile-player-wrapper.trinity-player-iframe-wrapper”);
if (mobileWrapper) loadTrinityPlayer(mobileWrapper,theme,’&autoplay=1′);
});
}
}
}
}, 100);
});
}
})();


Summarize with AI


Summarize with AI

According to Feross Aboukhadijeh, co-founder of security-oriented firm Socket Security, there is an active supply chain on Axios, which is one of npm’s most depended-on packages.

NPM stands for Node Package Manager and is basically the world’s largest software registry, hosting more than two million packages of open-source JavaScript code. An argument can be made that it’s the backbone of modern Web3 development.

According to Feross, the latest [email protected] is currently pulling in [email protected], which is a package that did not exist before today, suggesting that it’s a live compromise.

The malicious software can perform a range of actions, including deleting and renaming artifacts post-execution to destroy forensic evidence, staging and copying payload files to the OS temp and Windows ProgramData directories, executing decoded shell commands, and more.

The expert recommends that developers who use axios immediately pin their versions and audit their lockfiles, while refraining from any updates for the time being.

SPECIAL OFFER (Exclusive)

Binance Free $600 (CryptoPotato Exclusive): Use this link to register a new account and receive $600 exclusive welcome offer on Binance (full details).

LIMITED OFFER for CryptoPotato readers at Bybit: Use this link to register and open a $500 FREE position on any coin!

Source: https://cryptopotato.com/expert-warns-of-critical-ongoing-supply-chain-attack-on-axios/

Piyasa Fırsatı
Helium Mobile Logosu
Helium Mobile Fiyatı(MOBILE)
$0.0001479
$0.0001479$0.0001479
-2.24%
USD
Helium Mobile (MOBILE) Canlı Fiyat Grafiği
Sorumluluk Reddi: Bu sitede yeniden yayınlanan makaleler, halka açık platformlardan alınmıştır ve yalnızca bilgilendirme amaçlıdır. MEXC'nin görüşlerini yansıtmayabilir. Tüm hakları telif sahiplerine aittir. Herhangi bir içeriğin üçüncü taraf haklarını ihlal ettiğini düşünüyorsanız, kaldırılması için lütfen crypto.news@mexc.com ile iletişime geçin. MEXC, içeriğin doğruluğu, eksiksizliği veya güncelliği konusunda hiçbir garanti vermez ve sağlanan bilgilere dayalı olarak alınan herhangi bir eylemden sorumlu değildir. İçerik, finansal, yasal veya diğer profesyonel tavsiye niteliğinde değildir ve MEXC tarafından bir tavsiye veya onay olarak değerlendirilmemelidir.

Ayrıca Şunları da Beğenebilirsiniz

Ripple Moves Closer to Bank Approval as US Banking Rule Starts April 1

Ripple Moves Closer to Bank Approval as US Banking Rule Starts April 1

The post Ripple Moves Closer to Bank Approval as US Banking Rule Starts April 1 appeared on BitcoinEthereumNews.com. Ripple is moving closer to a key banking milestone
Paylaş
BitcoinEthereumNews2026/03/31 19:34
Bitcoin, Ethereum, XRP, Dogecoin Hold Steady As Federal Reserve Cuts 25 Basis Points

Bitcoin, Ethereum, XRP, Dogecoin Hold Steady As Federal Reserve Cuts 25 Basis Points

Crypto markets traded sideways after the Federal Reserve announced a 25-basis points rate cut, a move widely expected by traders.read more
Paylaş
Coinstats2025/09/18 03:26
Official USA Token: Born in the U.S.A. (U.S.A.) Is a Fully Decentralized Solana Token With 348 Million Supply

Official USA Token: Born in the U.S.A. (U.S.A.) Is a Fully Decentralized Solana Token With 348 Million Supply

The Official USA Token — Born in the U.S.A. (U.S.A.) is emerging as one of the most unique and fully decentralized tokens in the blockchain space. Built on the
Paylaş
Techbullion2026/03/31 19:11