Written by Apr 1, 2026

security: Mitigating the Axios npm supply chain compromise

Microsoft reported that Axios was hit by a supply chain attack on March 31, 2026. Malicious npm releases 1.14.1 and 0.30.4 were used to fetch content from a C2 server linked to the North Korean actor Sapphire Sleet; the compromised versions have since been removed.
