The exposure traces back to version 2.1.88 of the @anthropic-ai/claude-code package on npm, which was published with a 59.8MB ...

Anthropic's Claude Code source has leaked via a packaging error, exposing anti-distillation traps, an undercover mode, and scaffolding for an unreleased agent.

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...

North Korean hackers published backdoored versions of the Axios NPM package using a compromised long-lived access token.

Hackers linked to North Korea breached behind-the-scenes software that runs many common online functions in an effort to ...

A hacker inserted malware in Axios, an open source web tool downloaded tens of millions of times weekly, in a widespread hack ...

Anthropic is scrambling to contain the leak, but the AI coding agent is spreading far and wide and being picked apart.

Axios functions as pre-built software that a developer can easily incorporate into a JavaScript project. However, a hacker ...

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

Language package managers like pip, npm, and others pose a high risk during active supply chain attacks. However, OS updates ...

A critical supply chain attack has compromised the popular JavaScript library axios, leading to developers unknowingly ...