Axios가 NPM에서 손상됨 - 악성 버전이 원격 액세스 트로이목마를 유포함

Axios Compromised on NPM – Malicious Versions Drop Remote Access Trojan

1881 points 759 comments mtud 2026-03-31 11:54

원문 보기 HN 토론 보기

mtud 2026-03-31 11:54

ENGLISH (원문)

Supply chain woes continue

koolba 2026-03-31 12:28

ENGLISH (원문)

> Both versions were published using the compromised npm credentials of a lead axios maintainer, bypassing the project's normal GitHub Actions CI/CD pipeline. Doesn’t npm mandate 2FA as of some time last year? How was that bypassed?

Axios가 NPM에서 손상됨 - 악성 버전이 원격 액세스 트로이목마를 유포함

댓글