Buy Crypto
Pay with
USD
USD
Buy & Sell
Hot
Supports Visa, MasterCard, SEPA & more
P2P
0 Fees
Flexible trading, zero fees
Gate Card
Use your crypto for payments worldwide
Markets
Trade
Basic
Advanced
Futures
Futures
Access hundreds of perpetual contracts
TradFi
Gold
One platform for global traditional assets
Options
Hot
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Introduction to Futures Trading
Learn the basics of futures trading
Futures Events
Join events to earn rewards
Demo Trading
Use virtual funds to practice risk-free trading
Earn
Launch
CandyDrop
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
Pre-IPOs
tag
Unlock full access to global stock IPOs
Alpha Points
Trade on-chain assets and earn airdrops
Futures Points
Earn futures points and claim airdrop rewards
Investment
Square
Square
Post, share, and explore crypto trends
Live
moments live
Live crypto market analysis
Chat
Chat with crypto traders
News
What is happening in crypto
flower_head
More
Promotions
AI
Diğerleri
TradFi
13周年庆
Rewards
Square
Latest
Hot
News
Profile
WaitPatientlyForTheR

Gate News: On March 31,, Socket AI issued a security alert stating that the core dependency package axios in the npm ecosystem has been targeted in an active supply chain attack. Its latest version, axios@1.14.1, was injected with a previously unseen malicious package, plain-crypto-js@4.2.1. Socket AI's analysis confirmed that this package is malicious software. axios is downloaded over 100 million times weekly, and all projects updating to the latest version are at potential risk of compromise. Socket AI founder Feross recommends all axios users immediately lock their versions and review their lock files, and avoid upgrading to the latest version.

View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • 1
  • Repost
  • Share
Comment
Add a comment
Add a comment
WaitPatientlyForTheR
· 03-31 04:30
Gate News: On March 31,, Socket AI issued a security alert stating that the core dependency package axios in the npm ecosystem has been targeted by an active supply chain attack. Its latest version, axios@1.14.1, was injected with a previously unseen malicious package, plain-crypto-js@4.2.1. Socket AI's analysis confirmed that this package is malicious software. With over 100 million weekly downloads, all projects pulling the latest version are at potential risk of compromise. Socket AI founder Feross recommends all axios users immediately lock their versions and review their lock files, and avoid upgrading to the latest version.
View OriginalReply0

  • Pin

Sitemap