继LiteLLM后,周下载量超1亿次的Axios也被“投毒”!

继上周,中几乎所有前端开发者都用过的 HTTP 客户端库 Axios 也“惨遭毒手”: 两个官方版本被植入后门,只要在窗口期执行过 npm install,黑客就能拿到你设备的完整控制权。
Microsoft

Mitigating the Axios npm supply chain compromise

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

I install Arch BTW – with the new archinstall 4.0

archinstall 4.0 replaces the curses interface with Textual, adds firewall and UKI support, and fundamentally modernizes the ...
eWeek

Maximo Robots Break Solar Installation Records in Southern California

Robots just installed 100 MW of solar power at a major US project, signaling a shift toward AI-driven automation in renewable ...
Techzine Europe

Axios npm package compromised, posing a new supply chain threat

Two versions of the widely used JavaScript library axios were maliciously published on npm on March 31, 2026. A hijacked ...