The Hacker News

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

UNC1069 compromised Axios 1.14.1 and 0.30.4 via social engineering, impacting 100M weekly downloads and exposing supply chains.
AUTO Connected Car News

GlassWorm Supply Chain Cyber Attack Threatens Connected Cars

This is GlassWorm: a software supply chain attack that security researchers are calling one of the most sophisticated and consequential threats to emerge in the modern era of connected vehicle ...
VentureBeat

Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm access token belonging to the lead maintainer of axios, the most popular HTTP client library in JavaScript, and used it to publish two poisoned versions that install a ...
The Hacker News

Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms

Anthropic on Tuesday confirmed that internal code for its popular artificial intelligence (AI) coding assistant, Claude Code, had been inadvertently released due to a ...
Microsoft

Mitigating the Axios npm supply chain compromise

On March 31, 2026, two new npm packages for updated versions of Axios, a popular HTTP client for JavaScript that simplifies making HTTP requests to a REST endpoint with over 70 million weekly ...
GitHub

Claude Code's Entire Source Code Got Leaked via a Sourcemap in npm, Let's Talk About It

There's also a non-zero chance this repo might be taken down, so if you want to play around with it later, or archive it yourself, feel free to fork it & bookmark the external blog link ! Earlier ...
theregister

Anthropic goes nude, exposes Claude Code source by accident

Would you like a closer look at Claude? Someone at Anthropic has some explaining to do, as the official npm package for Claude Code shipped with a map file exposing what appears to be the popular AI ...