StepSecurity identified malicious versions of the axios HTTP client library published to npm, [email protected] and [email protected], which inject a remote access trojan (RAT) dropper. Developers who installed these versions should rotate all secrets and credentials, check network logs, and downgrade to safe versions. StepSecurity provides end-to-end npm supply chain security across three pillars: ...
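
Whether a project resolved one of these versions, directly or through a transitive dependency, can be checked from its `package-lock.json`. The following is an added example, not StepSecurity's code: `findAffected`, the sample lockfiles and the version strings in `AFFECTED` are constructed placeholders, and `AFFECTED` must be filled with the versions named in the advisory.

```javascript
// Added example: audit a parsed package-lock.json for specific versions of one package.
// AFFECTED holds placeholders; replace them with the versions named in the advisory.
const AFFECTED = new Set(["0.0.0-placeholder-a", "0.0.0-placeholder-b"]);

// Returns [{ path, version }] for every install of `name` whose version is in `bad`.
function findAffected(lock, name, bad) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path.
    for (const [path, meta] of Object.entries(lock.packages)) {
      // Exact path-segment match, so "axios-retry" is not mistaken for "axios".
      const isTarget = path === `node_modules/${name}` ||
        path.endsWith(`/node_modules/${name}`);
      if (isTarget && bad.has(meta.version)) hits.push({ path, version: meta.version });
    }
    return hits;
  }
  // lockfileVersion 1: nested "dependencies" trees.
  const walk = (deps, prefix) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${dep}`;
      if (dep === name && bad.has(meta.version)) hits.push({ path, version: meta.version });
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfiles (not real data).
const sampleV3 = { lockfileVersion: 3, packages: {
  "": { name: "app", version: "1.0.0" },
  "node_modules/axios": { version: "0.0.0-safe" },
  "node_modules/some-sdk/node_modules/axios": { version: "0.0.0-placeholder-a" },
  "node_modules/axios-retry": { version: "0.0.0-placeholder-a" },
}};
const sampleV1 = { lockfileVersion: 1, dependencies: {
  axios: { version: "0.0.0-placeholder-b" },
  "some-sdk": { version: "2.0.0", dependencies: { axios: { version: "0.0.0-safe" } } },
}};

console.log(findAffected(sampleV3, "axios", AFFECTED));
console.log(findAffected(sampleV1, "axios", AFFECTED));
```

A clean lockfile only shows what is resolved now; a machine or CI runner that installed an affected version earlier still needs the credential rotation and log review described above.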