URGENT WARNING FOR ALL WEB DEVELOPERS: If you are building with JavaScript, React, Next.js, or Node.js, you need to check your project's dependencies right now. The massively popular npm package axios was hijacked in a supply-chain attack. If you ran an install or a build on March 31st, your environment variables, database passwords, and cloud keys might already be stolen.
Here is everything you need to know to secure your projects and servers immediately!
COMPROMISED VERSIONS: 1.14.1 and 0.30.4
MALICIOUS DEPENDENCY: plain-crypto-js
SAFE VERSION TO PIN: 1.14.0
ACTION PLAN (Do this right now):
1. Open your package-lock.json, yarn.lock, or bun.lock file.
2. Search for Axios versions 1.14.1 or 0.30.4.
3. If found, DOWNGRADE immediately to Axios version 1.14.0.
4. Delete your node_modules folder and reinstall.
5. CRITICAL: Rotate ALL your environment variables, API keys, and database passwords immediately. Assume they are already compromised!
Share this video with your dev friends and team members before their keys get stolen too!
#axios #npm #webdevelopment #cybersecurity #javascript #coding