Malware on npm: HTTP client axios loads backdoor for Windows, macOS, and Linux

The maintainer account for the axios package on npm was compromised to inject a remote access trojan for Windows, macOS, and ...
How-To Geek on MSN

Stop using Claude as just a chatbot—MCP changes everything

MCP is the MVP.
Tom's Hardware on MSN

One of JavaScript's most popular libraries compromised by hackers

An attacker compromised the npm account of a lead Axios maintainer on March 30, and used it to publish two malicious versions ...
Microsoft

Mitigating the Axios npm supply chain compromise

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...
GitHub

ultrajson/ultrajson: Ultra fast JSON decoder and encoder written in C with Python bindings

UltraJSON's architecture is fundamentally ill-suited to making changes without risk of introducing new security vulnerabilities. As a result, this library has been put into a maintenance-only mode.
GitHub

srsly: Modern high-performance serialization utilities for Python

Additionally, it includes a heavily customized fork of msgpack-numpy, with corrected round-trip behaviour for np.float64 objects. This will automatically install/upgrade all dependencies. numpy and ...