Attackers swapped in malicious builds for up to four Axios-related npm packages in a sophisticated supply chain compromise, increasing the risk to projects that rely on those dependencies. Developers and wallet users should audit dependencies, pin versions, and monitor accounts for suspicious activity.
A researcher found Shai Hulud malware in more than 400 NPM libraries, including at least 10 crypto packages tied to ENS. The intrusion heightens supply-chain risk for developers and ENS users.