https://diegorodrigo.dev/en/tags/supply-chain/Recent content in Supply Chain on Diego Rodrigohttps://diegorodrigo.dev/blog-image.pnghttps://diegorodrigo.dev/blog-image.pngHugoenCopyright © 2022 - Diego Rodrigo. All rights reserved.Fri, 17 Apr 2026 00:00:00 +0000https://diegorodrigo.dev/en/2026/04/17/the-axios-case-trusting-npm/Fri, 17 Apr 2026 00:00:00 -0300https://diegorodrigo.dev/en/2026/04/17/the-axios-case-trusting-npm/In March 2026, two axios releases shipped with a malicious dependency that ran a RAT at install time. The incident shows where trust in npm actually lives and which defenses are worth the effort for a small team.