Framework axios pushed a broken update, crippling thousands of websites


How did this happen?

Some developers and companies blindly update their packages and deploy straight to production. Hobbyists who load libraries from a CDN often do the same by pointing their script tag at the latest version.

How should we prevent this from happening and secure our application even more?

We should point our script tags to the specific version we need, no more, no less. Code is very easy to break, so every change should be double-checked. If you would rather run the latest update, push your code to a test environment before pushing to production; this can be done through a testing stage in CI/CD.

The same applies to dependencies in your project that may have been compromised or broken. This is a lesson for all developers.
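One way to catch the floating references the post warns about, as an added example that is not part of the original post: a small audit that flags package.json specifiers which are not exact versions and CDN script tags with no pinned version. It assumes npm's package.json layout and the "host/package@version/path" URL form used by unpkg and jsDelivr; the sample inputs are constructed for the example.

```javascript
// Added example, not from the original post: find dependency specifiers and
// CDN script tags that silently float to the newest release, which is how a
// broken publish like axios v1.1.0 can reach production without a test stage.
// Assumes npm's package.json format and "<host>/<pkg>@<version>/..." CDN URLs.

// Only an exact semver (optionally with a prerelease/build suffix) counts as pinned;
// "^1.0.0", "~1.0.0", "*" and "latest" all resolve to whatever is newest.
const EXACT_SEMVER = /^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$/;

// Returns "section:name@spec" for every dependency that is not pinned exactly.
function floatingDependencies(pkgJsonText) {
  const pkg = JSON.parse(pkgJsonText);
  const findings = [];
  for (const section of ["dependencies", "devDependencies"]) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      if (!EXACT_SEMVER.test(spec)) findings.push(`${section}:${name}@${spec}`);
    }
  }
  return findings;
}

// Returns every <script src> URL that has no "@<exact version>" after the package name.
function floatingScriptTags(html) {
  const findings = [];
  const srcRe = /<script[^>]*\ssrc=["']([^"']+)["']/gi;
  let m;
  while ((m = srcRe.exec(html)) !== null) {
    const url = m[1];
    const ver = url.match(/\/[^/@]+@([^/?#]+)(?:[/?#]|$)/); // version segment after "pkg@"
    if (!ver || !EXACT_SEMVER.test(ver[1])) findings.push(url);
  }
  return findings;
}

// Constructed sample inputs: one pinned entry and two floating entries in each.
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  dependencies: { axios: "^1.0.0", lodash: "4.17.21" },
  devDependencies: { jest: "latest" },
});
const SAMPLE_HTML = `
<script src="https://unpkg.com/axios/dist/axios.min.js"></script>
<script src="https://cdn.jsdelivr.net/npm/axios@1.0.0/dist/axios.min.js"></script>
<script src="https://cdn.jsdelivr.net/npm/axios@latest/dist/axios.min.js"></script>
`;

console.log("floating dependencies:", floatingDependencies(SAMPLE_PACKAGE_JSON));
console.log("floating script tags:", floatingScriptTags(SAMPLE_HTML));
```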

Sources:

TypeError: axios.get is not a function (v1.1.0) · Issue #5038 · axios/axios (GitHub, 2022, September 7th)
Issue description: "The new version of axios (v1.1.0) is throwing an error for axios.get: TypeError: axios.get is not a function. Note: This issue was not present in v1.0.0. To Reproduce: Include axio v..."

Framework axios pushed a broken update, crippling thousands of websites (Reddit thread, from programming, 2022, September 8th)