01
Axios Supply Chain Attack: How the 2026 npm Compromise Happened
A detailed breakdown of the Axios compromise, the malicious npm releases, and the lessons teams should take from the incident.
securitynpmsupply-chain
Publishing from Git
Writingabout shipping.
React · TailwindCSS · Markdown · SEO · Content systems
A technical blog built from Markdown in Git, designed to ship fast, stay searchable, and sit in the same visual system as the original site.
18Articles
|5 min readLatest read
|Next.jsStack
~ /blog/rodrigo
rodrigo@oler:~$ blog status
articles: 18
focus: SEO, React, TailwindCSS, content systems
publish mode: static export
current pipeline: Markdown -> build -> sitemap/rss
- axios-compromised-how-the-2026-npm-supply-chain-attack-happened
- how-to-detect-and-remove-the-axios-malware-from-your-project
- how-to-protect-javascript-projects-against-supply-chain-attacks
- forced-synchronous-communication-is-the-real-problem
Posts
18
Mode
Next.js
SEO
Static
RSS
On
Markdown Source//SEO-first//Editorial Cadence//React//TailwindCSS//Canonical URLs//RSS//Tags//Markdown Source//SEO-first//Editorial Cadence//React//TailwindCSS//Canonical URLs//RSS//Tags//
Latest Posts
Where the archive starts.
Fresh articles, republished notes, and evergreen technical posts. The list is generated from Markdown at build time.
02
How to Detect and Remove the Axios Malware from Your Project
A practical containment checklist for teams that may have installed the malicious Axios releases.
securitynpmdevops
03
How to Protect JavaScript Projects Against Supply Chain Attacks
A practical set of defenses for JavaScript teams, based on lessons from the Axios incident.
securityjavascriptnpm
04
The Real Problem Is Forced Synchronous Communication
Why some agile rituals create calendar pressure without improving coordination, and how teams can replace them with better async defaults.
agilecommunicationasync
05
How to Deploy a Static Next.js Site with Cloudflare and GitHub Actions
A practical guide to shipping a static Next.js site on Cloudflare Pages with GitHub Actions, plus a safe way to store deployment secrets.
nextjscloudflaregithubactions
06
Pyth Oracle: A Simple Way to Integrate Price Feeds with Bun and Elysia
A practical look at Pyth price feeds, Hermes, and how to expose them through a small Bun + TypeScript + Elysia REST API.
pythoraclebun
Page 1 of 3Next
Topics
Search by focus area.
Clusters that are easy to scan, easy to link, and easy to keep fresh.
4
ai
3
devops
3
npm
3
security
2
agents
2
agile
2
axios
2
bun
2
developer-tools
2
incident-response
2
javascript
2
macos
2
nextjs
2
productivity
2
supply-chain
2
typescript
1
angular
1
angular18
1
api
1
async
1
automation
1
backend
1
binance
1
claude-code
1
cleanup
1
cli
1
cloudflare
1
communication
1
crypto
1
css
1
defi
1
developertools
1
docker
1
elysia
1
engineering
1
front
1
frontend
1
githubactions
1
hono
1
mac
1
malware
1
mcp
1
mixins
1
oracle
1
pyth
1
react
1
responsivedesign
1
scrum
1
scss
1
serena
1
ssd
1
standup
1
static-site
1
storage
1
terminal
1
trading
1
uniswap
1
vmnetd
1
web-development
1
web3
1
xcode
Archive
Every post in one place.
A searchable archive with the same visual DNA as the original site.
March 31, 2026
Axios Supply Chain Attack: How the 2026 npm Compromise Happened
A detailed breakdown of the Axios compromise, the malicious npm releases, and the lessons teams should take from the incident.
March 31, 2026
How to Detect and Remove the Axios Malware from Your Project
A practical containment checklist for teams that may have installed the malicious Axios releases.
March 31, 2026
How to Protect JavaScript Projects Against Supply Chain Attacks
A practical set of defenses for JavaScript teams, based on lessons from the Axios incident.
March 27, 2026
The Real Problem Is Forced Synchronous Communication
Why some agile rituals create calendar pressure without improving coordination, and how teams can replace them with better async defaults.