A Review of the TanStack npm Package Poisoning via CI Cache
2026年5月12日Elecmonkey
Isolation between different trust levels failed in an unexpected place. Supply-chain security in the frontend ecosystem still has a long way to go.
Some Thoughts on the Axios 202603 Poisoning Incident: CI Best Practices, Supply Chain Security, and Selection Reflections
2026年4月4日Elecmonkey
The second half seems to go off topic... drifting into reflections on choosing network request libraries, from Axios to the Fetch API