What started as a small feature back in April turned into a full-fledged app today.
I've truly enjoyed building this product and sharing it with this amazing community.
There's definitely more to come.
Finally launched KnowMyDocs.
I was tired of AI that loses context, hallucinates, and hides what it's doing.
So I built a tool to chat with documents, now with transparency and control.
Create projects, have advanced controls and get answers instantly.
https://t.co/SXHEqyUWiG
Someone just hijacked the npm account of axios's lead maintainer, swapped his email to a burner ProtonMail, and published poisoned versions of a package that 100 million developers install every week.
The attacker didn't touch the axios source code. They added one line to the dependency list: [email protected], a package that didn't exist 24 hours ago. That single line triggers a postinstall script the second npm processes the package. You don't import it. You don't call it. It fires on install.
The staging was surgical. 18 hours before the attack, they published a clean version of plain-crypto-js to build publishing history on npm so automated scanners wouldn't flag a brand new account. Then at 23:59 UTC on March 30 they pushed the real payload. Both [email protected] and [email protected] went live within 39 minutes of each other.
The payload is a three-platform RAT. macOS gets a binary disguised under Apple's cache naming conventions. Windows gets a hidden PowerShell script with execution policy bypassed. Linux gets a Python RAT dropped into /tmp. After deployment, the dropper deletes itself, strips the postinstall hook from package.json, and replaces it with a clean stub. A developer inspecting node_modules after infection finds nothing.
Here's how they got in. Every legitimate axios release is published through GitHub Actions using npm's OIDC Trusted Publisher mechanism, cryptographically tied to a verified workflow. This release broke that pattern completely. Published manually via a stolen npm access token. No OIDC binding. No GitHub commit. No tag. The entire CI/CD security pipeline was irrelevant because the attacker never used it.
Socket's automated detection flagged the malicious package in six minutes. Six minutes is fast. But npm install runs in seconds. Every CI/CD pipeline, every developer machine, every production deploy that pulled the latest axios in that window is potentially running a remote access trojan right now.
The companies shipping code the fastest have the least visibility into what's underneath it.
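The thread above names two install-time signals a defender can check before a package ever runs: a dependency that appeared on the registry only hours earlier, and a dependency that carries an install hook. The following is an added example, not code from the thread or from the axios project; it audits packument-style metadata (the shape `npm view <pkg> --json` returns) on constructed sample data, so the package names other than plain-crypto-js, the versions and the timestamps are placeholders.

```javascript
// Added example (not from the original thread or the axios project): flag
// dependencies that are newly added, newly published, or hook the install step.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];
const MAX_AGE_MS = 7 * 24 * 3600 * 1000; // flag packages first published < 7 days ago

// Findings for one dependency. `meta` = { name, scripts, time: { created } },
// following the npm packument layout.
function auditDependency(meta, nowMs) {
  const out = [];
  const scripts = meta.scripts || {};
  for (const hook of INSTALL_HOOKS) {
    if (typeof scripts[hook] === "string") {
      out.push({ name: meta.name, kind: "install-hook", detail: `${hook}: ${scripts[hook]}` });
    }
  }
  const created = Date.parse((meta.time && meta.time.created) || "");
  if (!Number.isNaN(created) && nowMs - created < MAX_AGE_MS) {
    const hours = Math.round((nowMs - created) / 3600000);
    out.push({ name: meta.name, kind: "new-package", detail: `first published ${hours}h ago` });
  }
  return out;
}

// Diff a manifest against the dependency names recorded in the previous
// lockfile, then audit each dependency. A name that is newly added, newly
// published and hooks install is exactly the pattern the thread describes.
function auditManifest(manifest, previousDepNames, registry, nowMs) {
  const findings = [];
  for (const name of Object.keys(manifest.dependencies || {})) {
    if (!previousDepNames.has(name)) {
      findings.push({ name, kind: "added-dependency", detail: "absent from previous lockfile" });
    }
    const meta = registry[name];
    if (!meta) { findings.push({ name, kind: "unknown", detail: "no registry metadata" }); continue; }
    findings.push(...auditDependency(meta, nowMs));
  }
  return findings;
}

// Constructed sample: a manifest that gained one dependency overnight.
// "known-old-dep", the versions and the dates are placeholders, not real data.
const SAMPLE_NOW = Date.parse("2026-03-31T00:30:00Z");
const SAMPLE_MANIFEST = { name: "example-lib", dependencies: { "known-old-dep": "^1.2.3", "plain-crypto-js": "^1.0.1" } };
const SAMPLE_PREVIOUS = new Set(["known-old-dep"]);
const SAMPLE_REGISTRY = {
  "known-old-dep": { name: "known-old-dep", scripts: {}, time: { created: "2015-02-03T00:00:00Z" } },
  "plain-crypto-js": { name: "plain-crypto-js", scripts: { postinstall: "node setup.js" }, time: { created: "2026-03-30T06:30:00Z" } },
};

function runSample() { return auditManifest(SAMPLE_MANIFEST, SAMPLE_PREVIOUS, SAMPLE_REGISTRY, SAMPLE_NOW); }
```

In a real pipeline this belongs before `npm ci`, alongside `npm audit signatures` (which verifies registry signatures and provenance attestations) and `--ignore-scripts` for packages that have no business running install hooks.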
There is a project on GitHub called Axios.
Axios is extremely popular. It is used by millions upon millions of applications.
Axios is a programming library that helps your JavaScript code make HTTP/S requests (communicate with websites).
In simple terms, if you're a programmer doing something with JavaScript, and want to do stuff that communicates with a website in literally any capacity, people heavily recommend using Axios due to its simplicity. Using Axios you don't have to reinvent the wheel and do a bunch of work. All you need to do is import Axios into your code and you're off to the races.
Someone (currently unknown) compromised Axios (currently unknown how) to deliver malware to people. When someone updates or installs Axios, Axios itself contains malware.
What the malware does is (currently) unknown, but it is being reverse-engineered by probably every malware analyst on the planet at this moment. In a few hours more details will emerge. Information is being exchanged in real time on social media and private communication platforms as I write this.
Due to the size and popularity of Axios, it is unknown how many are impacted: it could be millions, it could be thousands, or, if we're lucky, only hundreds of people or organizations will be impacted.
If this is the absolute worst-case scenario, millions of organizations across the planet have been infected with malware which (currently) we do not understand. However, the likelihood of this is low. It appears Axios being compromised was detected quickly, potentially within minutes (or hours) of it being compromised to deliver malware. Additionally, the likelihood of every single Axios user updating Axios as soon as it was compromised to deliver malware is astronomically low. It is basically zero.
The impact from Axios being compromised is devastating; the fallout from this will be a massive headache. This is unironically a malware nuclear missile and will likely be studied in the future.
@RealAnkush Another guess is a modern skills-based alternative to college. Project-based learning + guaranteed pathways to jobs. Sustainable model so it funds itself long term.
@RealAnkush Feels like you are building a serious job-first tech ecosystem. Not just teaching coding but making people work on real projects and directly hiring from there. That would actually create real employment at scale.
@Aswin_polymath @mehulmpt They say it can. I have tried multiple times but it always fails to make even the simplest ones. It hallucinates and thinks it has created a job.
I later had to manually add the job in the file and then it started working.
As part of @theresidency's Delta II, @FarhanSeliya and I are thrilled to introduce CurioPod! We're building the next-gen learning ecosystem to reimagine screen time for your child's early development.
Parents, this one's for you, stay tuned!