axios is a library used by A LOT of npm packages, and it got compromised yesterday. see https://snyk.io/blog/axios-npm-package-compromised-supply-chain-attack-delivers-cross-platform/

I recommend EVERYONE to check if you've been affected by running this inspector.

It's a simple shell script that runs on ALL platforms (Windows, Mac, and Linux)

What the script does

Since this is a sensitive issue, make sure to check the script if you're skeptical https://github.com/cocktailpeanut/axios-inspector/blob/main/scan.sh

You can use the scan.sh script by passing any root path. For example you may want to scan the entire system, and for that you can run:

./scan.sh /

or to scan your home directory:

./scan.sh ~

If you see this after scanning, you are fine:

What the 1-click launcher does

the 1-click launcher checks the entire pinokio system. so when you run it and have no issues, it means your apps in pinokio are fine.

Just click the "Scan" tab and it should run the scan to find if there are any issues.

Closing thoughts

We saw a similar supply chain attack just last week with LiteLLM, and again with axios. I think we will start seeing a lot of these problems and it will only accelerate because of AI.

So i'm planning to make security #1 priority going forward.

Speaking of which, the next version of pinokio (coming this week) will include features that will ensure we will be protected from this type of global hacks.