Compromised npm Maintainer Account Publishes Malicious Axios Versions with Backdoor via `plain-crypto-js` Dependency April 1, 2026 · Dev.to Read full story at source