Sorry For Your Loss, But
When I first saw that axios was hacked, my first feeling was relief, as very early on in my TypeScript journey, some kind open source people had shared the joys of replacing old, bloated packages with newer, simpler versions that try to do fewer things:
- axios with native fetch, itty-fetcher, redaxios, ky
- lodash with radash
- Next with Hono, Astro, React Router, TanStack Start, heck even native Bun can do 90% of what you need
- Redux with Zustand, Jotai
Then I felt that anybody in charge of a serious codebase, that's still dependent on axios in 2026, is grifting.
They chose not to modernize, upgrade, reduce bloat. Sandbagging on maintenance to prolong their existence. This particular one has been low-hanging fruit for years.
In the ensloppifying world of code, it is directionally correct to reduce complexity (e.g., LOC).
Simpler is more secure. Vibe coding will move in this direction, eventually.