Axios npm Supply Chain Incident Impacting @usebruno/cli
Impact This is a supply chain attack involving compromised versions of the axios npm package, which introduced a hidden dependency deploying a cross-platform Remote Access Trojan (RAT). Users of @usebruno/cli who ran npm install between 00:21 UTC and ~03:30 UTC on March 31, 2026 may have been impacted. Potential impact includes: Execution of a malicious postinstall script Remote Access Trojan (RAT) installation Exfiltration of credentials and sensitive data Not impacted: …