@lightdash/cli

GHSA-3hfp-gqgh-xc5g

npmmalware4/2/2026

Description

Axios supply chain attack - dependency in @lightdash/cli may resolve to compromised axios versions

References (9)

https://github.com/lightdash/lightdash/security/advisories/GHSA-3hfp-gqgh-xc5ggithub_advisory https://github.com/axios/axios/issues/10604github_advisory https://github.com/advisories/GHSA-fw8c-xr5c-95f9github_advisory https://github.com/lightdash/lightdashgithub_advisory https://security.snyk.io/vuln/SNYK-JS-AXIOS-15850650github_advisory https://security.snyk.io/vuln/SNYK-JS-PLAINCRYPTOJS-15850652github_advisory https://socket.dev/blog/axios-npm-package-compromisedgithub_advisory https://thehackernews.com/2026/03/axios-supply-chain-attack-pushes-cross.htmlgithub_advisory https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojangithub_advisory

Details

Ecosystemnpm

Attack Typemalware

Published4/2/2026

Affected Versions

0.1800.0

Quick Actions

All Incidents npm Incidents

Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives

PoC for every finding

30+ tools orchestrated

Book a Demo Learn More

Setup in 5 minutesSOC 2 & ISO 27001