by neya 76 days ago
> A competent developer could whip up a more axios-like library with fetch in a day easily.

Then you would have created just an axios clone. AKA re-inventing the wheel. The issue isn't the library itself, but rather the fact that it's popular and provided a large enough attack surface.

You can actually just clone the axios package and use it as is from your private repo and you would not have been affected.

3 comments

You would have created a smaller axios that only does what you needed it to. Even better.
Absolutely.
I think we're entering an era where "re-inventing the wheel" is actually a completely valid defensive posture. The cost is so low relative to the reduction in risk.
> AKA re-inventing the wheel.

The wheel is the native fetch API, nobody needs to reinvent it.

All you'd do in that scenario is make your own hubcap to put on top.