Published on 01.04.2026
TLDR: On March 31, 2026, attackers compromised an axios npm maintainer account and published two backdoored versions containing a remote access trojan. The attack targets macOS, Windows, and Linux via a postinstall script. If you have axios in your dependency tree, you need to act now.
The Axios Supply Chain Attack: What DevOps Teams Need to Know
TLDR: A second write-up on the same axios attack, this one with more detail on the technical mechanics of the RAT delivery. The postinstall script downloads and executes the trojan, then erases evidence of itself. If you ran npm install in the last 24 hours with axios in your dependency graph, assume compromise until proven otherwise.
Millions of JS devs just got penetrated by a RAT…
TLDR: Facehash is a zero-dependency React component that generates deterministic SVG avatar faces from any string input. The same input always produces the same face, with no API calls, no storage, and no external services. It works with Next.js, Vite, and Remix.
Beautiful Minimalist Avatars for React
TLDR: Hermes Agent is an open-source AI agent from Nous Research with a built-in learning loop that creates and refines skills from experience. It maintains persistent memory across sessions and builds a model of the user over time. It supports over 40 tools and multi-platform messaging.
GitHub - NousResearch/hermes-agent: The agent that grows with you
TLDR: A developer from Tunisia, blocked from international freelance work by PayPal's unavailability in their country, turned to writing on DEV Community as an outlet. That writing attracted a technical writing client and launched a new career trajectory. Over a year, they grew to 250,000 readers.
How a Payment Problem Unexpectedly Changed My Career Path in Tech