On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...
Spread the loveIn a significant revelation in the landscape of cybersecurity, Google has attributed a recent supply chain attack targeting the popular Axios npm package to a North Korean threat group ...
North Korean hackers published backdoored versions of the Axios NPM package using a compromised long-lived access token.
Threat actors hijacked the popular npm package axios to spread RAT malware after compromising an open‑source maintainer’s ...
Google links Axios npm supply chain attack to UNC1069 after trojanized versions 1.14.1 and 0.30.4 spread WAVESHAPER.V2, ...
Anthropic has accidentally exposed Claude Code's full 512,000-line TypeScript source via an npm source map, revealing ...
Microsoft released TypeScript 6.0 on March 23, the last version built on the original JavaScript codebase, with three post-RC changes and a wave of deprecations designed to ready codebases for the ...
☕ Enjoying this project? Support development on Ko-fi to help keep it free and actively maintained!
Generates reports in three formats (terminal, Markdown, JSON) and can compare against a baseline to show deltas — designed for CI workflows that post PR comments with size regressions.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results