The Signal — April 1, 2026

Three npm supply chain incidents hit in a single 24-hour window on March 31. A compromised maintainer account pushed a remote access trojan through Axios. A separate attack on the LiteLLM AI proxy led to terabytes of corporate data walking out the door. And Anthropic accidentally shipped its own source code in a public package. Each incident broke differently, but the common thread is the same ecosystem that millions of developers trust without much thought.

npm's Terrible, Horrible, No Good, Very Bad Day

Start with Axios, the HTTP client installed in virtually every Node.js project that talks to an API. On March 31, an attacker compromised the npm account of maintainer "jasonsaayman" and published malicious versions (1.14.1 and 0.30.4) containing a hidden dependency called plain-crypto-js. That package deployed a cross-platform remote access trojan. The window was short, roughly three hours between 00:21 and 03:29 UTC, but Axios has millions of downstream dependents. StepSecurity published the initial disclosure, with Simon Willison, The Hacker News, and Help Net Security corroborating.

Separately, the hacking group TeamPCP compromised the open-source LiteLLM AI proxy library, a tool used by thousands of companies to route calls between AI providers. AI recruiting startup Mercor confirmed it was breached through the compromised dependency, with attackers allegedly exfiltrating 4TB of data including source code, databases, and personal information. Mercor says it was "one of thousands of companies" affected. Google Threat Intelligence has stated the Axios attack appears unrelated to TeamPCP's campaign, meaning this was two separate groups hitting npm on the same day.

The third incident was self-inflicted. Security researcher Chaofan Shou discovered that Anthropic had published Claude Code v2.1.88 to npm with an unobfuscated source map still attached. The 60MB file exposed roughly 512,000 lines of TypeScript: the full source of Anthropic's flagship coding tool, readable by anyone who knew where to look. The Verge, Fortune, and The Register all covered it. This is Anthropic's second security lapse in days, following the Mythos document leak we covered on March 28.

The pattern here isn't coordinated. It's structural. npm's trust model assumes that published packages contain what the publisher intended, and that the publisher is who they claim to be. Two of these three incidents broke those assumptions simultaneously, and the third was a careless accident that the ecosystem had no mechanism to catch. When we covered the tj-actions supply chain attack on March 26, we noted the fragility of open-source dependency chains. Five days later, npm delivered a triple demonstration.

Sources: StepSecurity · Simon Willison · The Hacker News · Help Net Security · TechCrunch · The Register · The Verge

Qwen3.5 Omni: Alibaba Ships a Native Multimodal Model

Alibaba's Qwen team released Qwen3.5 Omni on March 30, a model that processes text, images, audio, and video natively in a single pass while generating both text and streaming speech output. The headline numbers: a 10-hour audio context window and support for up to 4 million video frames.

What makes this notable isn't any one capability but the integration. Most multimodal systems bolt different modalities onto a text backbone. Qwen3.5 Omni handles them all as first-class inputs, which matters for real-time interaction where switching between modalities mid-conversation needs to be seamless. It's open-weights, which means researchers and developers can run it locally. The multimodal race has been led primarily by US frontier labs (Google's Gemini, OpenAI's GPT-4o). An open-weights Chinese model matching that ambition shifts the competitive dynamics.

Sources: Qwen blog · MarkTechPost

Oracle Cuts Thousands to Buy GPUs

Oracle started notifying employees of mass layoffs on March 31, with CNBC confirming cuts "in the thousands." TNW reports the total could reach 30,000. The BBC reports approximately 10,000 jobs gone so far, based on drops in Oracle's internal Slack activity. The company's restructuring plan could cost up to $2.1 billion in fiscal 2026, almost entirely in severance.

The context: Oracle's stock has dropped 25% year-to-date as investors question its massive capital spending on AI data centers. The layoff announcement reversed that slide, with shares rising roughly 2%. The market read the move as Oracle freeing up budget for infrastructure. Cut payroll, buy compute. Shares go up. The pattern has been repeating across tech for months.

Sources: CNBC · TNW · BBC · Reuters · Forbes

On the Editor's Desk

OpenAI's fundraise officially closed at $122 billion, up from the $120 billion figure we reported on March 28. The new detail is a $3 billion retail investor component. At an $852 billion valuation, OpenAI is now more valuable than most public tech companies without actually being public. We're not running it as a story because we've covered this round three times already; the delta between $120B and $122B doesn't clear the bar.

Also on the desk today: Salesforce overhauled Slack with 30+ AI features, including MCP client support and reusable "AI skills" for Slackbot. Legitimate update, but enterprise AI integration is incremental news unless it changes how people actually work. Australia and Anthropic signed a memorandum of understanding on AI safety cooperation, with AUD$3M in university research partnerships. Important for the policy landscape, better suited for a dedicated roundup than today's security-heavy edition.