March 31 Was a Wake-Up Call for the Dev Ecosystem

March 31 was one of those days for cybersecurity.

Axios got compromised through npm and briefly turned into a malware delivery system. Around the same time, Anthropic accidentally exposed a massive chunk of its internal Claude tooling through an npm package.

Two very different incidents. Same surface area. The developer ecosystem.

NPM isn't the problem, the pattern is

This didn't come out of nowhere. Over the past year, npm has been hit again and again:

It keeps working because the model works. We install fast and trust by default. Attackers know that.

Quick glossary: types of npm attacks

Typosquatting is when someone publishes a malicious package with a name almost identical to a real one.

Think:

  • axois instead of axios
  • reacts instead of react

One small typo, one install, and you've just pulled in something you didn't mean to. No exploit needed. Just human error.

Account takeover is when an attacker gains control of a legitimate maintainer's npm account, typically through phishing, credential stuffing, or leaked credentials, then publishes malicious versions of a trusted package. This is what happened with Axios.

Dependency confusion exploits how package managers resolve names across public and private registries. An attacker publishes a public package with the same name as an internal one, and the package manager picks the public version. The technique was widely documented by researcher Alex Birsan.

Poisoned packages / supply chain attacks are a broader category. The goal is to inject malicious code somewhere upstream: a dependency, a build tool, a CI script. From there it reaches developers or end users automatically.

AI is changing the pace

What makes this moment different is speed.

AI is helping us build faster, debug faster, ship faster. But it's also helping attackers. They can scan ecosystems, generate payloads, and iterate on attacks way quicker than before. The time between "vulnerability introduced" and "exploit in the wild" is shrinking.

So what actually needs to change?

All I can think of right now is a minimal dependencies mindset.

We've been treating the ecosystem as inherently safe, as if everything we install is part of our team.

Dependencies are code you didn't write, running inside your app, with your permissions.

Final thought

March 31 wasn't just about a single incident.

It showed how much of modern software relies on implicit trust. Layers of packages, maintainers, and tools we rarely question.