Moderator
t-p
(@t-p)
I recommend asking your hosting provider. They know the best about the environment of their servers.
I’m not quite sure what you’re referring to. I’m guessing it’s this: https://www.sophos.com/en-us/blog/axios-npm-package-compromised-to-deploy-malware
Axios is a JavaScript library used by npm. As far as I can tell, WordPress itself doesn’t use it: https://github.com/search?q=repo%3AWordPress%2FWordPress%20axios&type=code
However, it is sometimes used by plugins and themes. Sometimes as a tool for blocks or other JavaScript-based interactions. So if you want to make sure your project isn’t affected:
- Install all pending updates for plugins and themes
- Check which plugins and whether your theme might use this package, and if in doubt, contact the respective support team
