Axios npm Package Compromised in Supply Chain Attack

Daniel Curtis — Thu, 02 Apr 2026 13:53:00 GMT

On March 31, 2026, two versions of the Axios library were compromised and found to contain a Remote Access Trojan. The malicious packages were published through a hijacked maintainer account. The Axios team is investigating how the breach occurred and has deprecated the affected versions. Security experts emphasize the need for better dependency management.

By Daniel Curtis

TanStack Start Introduces Import Protection to Enforce Server and Client Boundaries

Daniel Curtis — Tue, 31 Mar 2026 11:52:00 GMT

TanStack Start has introduced a import protection, which aims to prevent server and client code from being mixed in full-stack React applications. This Vite plugin automatically checks imports during development and build processes. It blocks harmful imports by file naming conventions or explicit markers, enhancing security and reducing bugs without requiring additional developer input.

By Daniel Curtis

InfoQ - Application Security

Axios npm Package Compromised in Supply Chain Attack

TanStack Start Introduces Import Protection to Enforce Server and Client Boundaries