> March 31, 00:21 UTC: axios@1.14.1 published with plain-crypto-js@4.2.1 injected
> March 31, around 01:00 UTC: axios@0.30.4 published with the same payload
> March 31, around 01:00 UTC: first external detections
> March 31, around 01:00 UTC: community members file issues reporting the compromise. The attacker deletes them using the compromised account.
So it was found out almost immediately.
> March 31, 00:21 UTC: axios@1.14.1 published with plain-crypto-js@4.2.1 injected
> March 31, around 01:00 UTC: axios@0.30.4 published with the same payload
> March 31, around 01:00 UTC: first external detections
> March 31, around 01:00 UTC: community members file issues reporting the compromise. The attacker deletes them using the compromised account.
So it was found out almost immediately.