Vibe Coding
Tip: Post-Axios Supply Chain Defense — Audit postinstall Hooks and Watch for Phantom Dependencies
The axios attack pattern is now documented and replicable: add a phantom dependency (never imported in source code) whose sole purpose is a postinstall hook that downloads platform-specific malware. Defense checklist: (1) audit all postinstall scripts in node_modules, (2) flag any dependency not referenced by import/require in the main package, (3) pin exact versions in lockfiles, (4) use CEL now() cooldown rules to block packages published in the last N hours, (5) monitor for package.json self-modification (the RAT replaces its own package.json with a clean copy as anti-forensics).
↳ Follow the thread