Identity Manager Community

Forum Axios NPM

State Verified Answer
Replies 3 replies
Subscribers 101 subscribers
Views 481 views
Users 0 members are here

Options

Related

Axios NPM

Ben 1 month ago

Hi,

I was just reading this article (https://www.itnews.com.au/news/supply-chain-attack-hits-300-million-download-axios-npm-package-624699) and see that Axios is part of the node_modules in v10 ("version": "1.12.2" - which is below the compromised version).

Any stance on this by One Identity?

Top Replies

Hanno Bunjes 1 month ago in reply to Ben +1 verified

Hi Ben,

The Axios incident is not the first of its kind, and it will certainly not be the last. We have internal systems that continuously monitor our dependencies. Our security team can be reached at
…

Parents

0 Hanno Bunjes 1 month ago

Hello Ben,

We do not (indirectly or directly) reference any vulnerable versions of the Axios package in our OOTB Angular code. We are monitoring the current situation around this package.
Cancel
Up 0 Down

Reply

Verify Answer

Cancel
0 Ben 1 month ago in reply to Hanno Bunjes

Thanks Hanno Bunjes

I think the bigger concern is the amount of reported supply chain attacks that are happening across NPM/GIT recently. It does cause a bit of concern with more and more reliance on open source code. I also remember articles about AI performing supply chain attacks, so this will only get worse and harder to trace.
Cancel
Up 0 Down

Reply

Verify Answer

Cancel
+1 Hanno Bunjes 1 month ago in reply to Ben

Hi Ben,

The Axios incident is not the first of its kind, and it will certainly not be the last. We have internal systems that continuously monitor our dependencies. Our security team can be reached at https://trust.oneidentity.com for any further questions.
Cancel
Up +1 Down

Reply

Reject Answer

Cancel

Reply

+1 Hanno Bunjes 1 month ago in reply to Ben

Hi Ben,

The Axios incident is not the first of its kind, and it will certainly not be the last. We have internal systems that continuously monitor our dependencies. Our security team can be reached at https://trust.oneidentity.com for any further questions.
Cancel
Up +1 Down

Reply

Reject Answer

Cancel

Children

No Data