{"id":19360,"date":"2026-03-31T15:47:46","date_gmt":"2026-03-31T15:47:46","guid":{"rendered":"https:\/\/www.comet.com\/site\/?p=19360"},"modified":"2026-03-31T15:47:47","modified_gmt":"2026-03-31T15:47:47","slug":"axios-supply-chain-attack","status":"publish","type":"post","link":"https:\/\/www.comet.com\/site\/blog\/axios-supply-chain-attack\/","title":{"rendered":"Axios Supply Chain Attack: What Happened, How We Responded, and What You Should Do Right Now"},"content":{"rendered":"\n<p>On March 31, 2026, the npm package axios \u2014 one of the most widely used HTTP client libraries in the JavaScript ecosystem \u2014 was compromised in a supply chain attack. This is the second major supply chain incident to hit the open-source community in just one week, following the <a href=\"https:\/\/www.comet.com\/site\/blog\/litellm-supply-chain-attack\/\">LiteLLM compromise on March 24<\/a>.<\/p>\n\n\n\n<p>Here&#8217;s what happened, how Comet responded, and what you should do to protect your systems.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-what-happened\">What Happened<\/h2>\n\n\n\n<p>A compromised version of axios (<code>1.14.1<\/code>) was published to npm containing a new malicious dependency: <code>plain-crypto-js@4.2.1<\/code>. This package did not exist before the attack \u2014 it was created minutes before the compromised axios version was published and has no corresponding source code in any public repository.<\/p>\n\n\n\n<p>Because axios uses <a href=\"https:\/\/semver.org\/\">semver<\/a> versioning and most projects depend on it with caret ranges (e.g., <code>^1.13.4<\/code>), any project that ran <code>npm install<\/code> without a lockfile during the attack window would have automatically pulled in the compromised version.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-impact-scale\">Impact Scale<\/h2>\n\n\n\n<p>Axios is one of npm&#8217;s most depended-on packages, with over 60 million weekly downloads. 
It&#8217;s used by countless frontend applications, backend services, CLI tools, and CI\/CD pipelines across the industry.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-the-payload-a-full-remote-access-trojan\">The Payload: A Full Remote Access Trojan<\/h2>\n\n\n\n<p>Unlike simpler supply chain attacks that grab environment variables, this attack deployed a <strong>persistent remote access trojan (RAT)<\/strong> with full command-and-control capabilities.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-how-the-attack-chain-works\">How the attack chain works:<\/h3>\n\n\n\n<p><strong>Stage 1 \u2014 Delivery:<\/strong> The malicious <code>plain-crypto-js<\/code> package runs a <code>postinstall<\/code> hook (<code>setup.js<\/code>) that uses two-layer obfuscation \u2014 reversed Base64 encoding combined with an XOR cipher (key: <code>OrDeR_7077<\/code>) \u2014 to evade static analysis and security scanners.<\/p>\n\n\n\n<p><strong>Stage 2 \u2014 Platform-specific backdoor installation:<\/strong> The dropper detects the operating system and deploys a tailored backdoor:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>macOS:<\/strong> Downloads a Mach-O binary to <code>\/Library\/Caches\/com.apple.act.mond<\/code>, disguised as an Apple system daemon. It launches via AppleScript to evade process-tree detection.<\/li>\n\n\n\n<li><strong>Windows:<\/strong> Copies PowerShell to <code>%PROGRAMDATA%\\wt.exe<\/code>, downloads a <code>.ps1<\/code> payload via VBScript, and executes it hidden from the user.<\/li>\n\n\n\n<li><strong>Linux:<\/strong> Downloads a Python script to <code>\/tmp\/ld.py<\/code> and runs it in the background via <code>nohup<\/code>.<\/li>\n<\/ul>\n\n\n\n<p><strong>Stage 3 \u2014 Remote access trojan:<\/strong> Once installed, the backdoor beacons to a command-and-control server (<code>sfrclak[.]com:8000<\/code>) every 60 seconds via HTTP POST, using a fake Internet Explorer user agent string. 
It collects system fingerprinting data including hostname, username, OS version, timezone, CPU type, running processes, and directory listings.<\/p>\n\n\n\n<p>The RAT supports four commands from the attacker:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>peinject<\/code> \u2014 deploy additional binary payloads (further malware)<\/li>\n\n\n\n<li><code>runscript<\/code> \u2014 execute arbitrary shell commands or AppleScript<\/li>\n\n\n\n<li><code>rundir<\/code> \u2014 enumerate the filesystem with metadata<\/li>\n\n\n\n<li><code>kill<\/code> \u2014 terminate the RAT process<\/li>\n<\/ul>\n\n\n\n<p>This means the attacker doesn&#8217;t just steal your data once \u2014 they maintain persistent access to execute anything on your machine at any time.<\/p>\n\n\n\n<p><strong>Stage 4 \u2014 Anti-forensics:<\/strong> After execution, the payload self-deletes the dropper script and overwrites its own <code>package.json<\/code> to remove traces of the malicious code, making post-incident detection significantly harder.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-how-comet-responded\"><strong>How Comet Responded<\/strong><\/h2>\n\n\n\n<p>Having just dealt with the <a href=\"https:\/\/www.comet.com\/site\/blog\/litellm-supply-chain-attack\/\">LiteLLM supply chain attack<\/a> one week earlier, our team was already on high alert. 
When the axios compromise was flagged by the community on the morning of March 31, we had a response running within minutes.<\/p>\n\n\n\n<p>Our response included:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Immediate repository audit:<\/strong> A full scan of all JavaScript and TypeScript repositories across the organization \u2014 every <code>package.json<\/code>, every lockfile (<code>package-lock.json<\/code>, <code>yarn.lock<\/code>, <code>pnpm-lock.yaml<\/code>), and every <code>node_modules<\/code> directory was checked for the malicious <code>plain-crypto-js<\/code> package and for any resolved axios version matching 1.14.x.<\/li>\n\n\n\n<li><strong>CI\/CD build audit:<\/strong> We reviewed three days of GitHub Actions workflow runs across all active repositories, checking for any builds that may have pulled the compromised version during the attack window.<\/li>\n\n\n\n<li><strong>Developer machine scans: <\/strong>We built and open-sourced a <a href=\"https:\/\/gist.github.com\/Nimrod007\/13ad665e473221b4d5da7a85f26c79c5\">scanner script<\/a> that checks all lockfiles, node_modules, and global installs for any trace of the compromised package. We distributed it across the entire engineering team within minutes. You can use it too \u2014 just run:<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>bash &lt;(curl -sL https:\/\/gist.githubusercontent.com\/Nimrod007\/13ad665e473221b4d5da7a85f26c79c5\/raw\/check_axios_compromise.sh)<\/code><\/pre>\n\n\n\n<p>The script scans your machine and reports CLEAN or COMPROMISED in seconds. Feel free to copy it and share it across your organization.<\/p>\n\n\n\n<p><strong>Production verification: <\/strong>Confirmed all production and single-tenant SaaS environments were unaffected \u2014 these are containerized with no live <code>npm install<\/code> operations.<\/p>\n\n\n\n<p><strong>Result: No Comet systems were compromised. 
<\/strong>All lockfiles pinned axios to safe versions (1.13.x and earlier), and no build or developer machine showed any trace of the malicious package.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-lessons-from-two-attacks-in-one-week\">Lessons from Two Attacks in One Week<\/h2>\n\n\n\n<p>The LiteLLM and axios attacks share a common theme: they exploit the trust developers place in package managers to deliver safe code. But they also highlight what works as a defense:<\/p>\n\n\n\n<p><strong>1. Lockfiles saved us \u2014 twice.<\/strong> In both incidents, committed lockfiles (<code>package-lock.json<\/code>, <code>poetry.lock<\/code>, <code>uv.lock<\/code>) prevented automatic resolution to compromised versions. This is the single most effective defense against supply chain attacks.<\/p>\n\n\n\n<p><strong>2. Fast detection matters.<\/strong> Our engineering team flagged the axios compromise within hours of publication. Having been through the LiteLLM incident just days earlier, the team was already sensitized to supply chain risks and responded immediately.<\/p>\n\n\n\n<p><strong>3. Scanning infrastructure pays off.<\/strong> The scanner scripts and audit processes we built for the LiteLLM response were adapted and redeployed within minutes for the axios incident. 
Investing in incident response tooling compounds over time.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-how-to-check-if-you-re-affected\"><strong>How to Check If You&#8217;re Affected<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-check-your-lockfiles\"><strong>Check your lockfiles<\/strong><\/h3>\n\n\n\n<p>Search all your JavaScript\/TypeScript projects for the malicious package:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Search for the malicious dependency in lockfiles\ngrep -r \"plain-crypto-js\" ~\/path\/to\/your\/projects\/\n\n# Check if any lockfile resolves axios to 1.14.x\n# (-r with --include recurses at any depth without relying on the shell's globstar; -F matches the string literally)\ngrep -rF --include=package-lock.json \"axios\/-\/axios-1.14.\" ~\/path\/to\/your\/projects\/<\/code><\/pre>\n\n\n\n<p>If either command returns results, treat the system as potentially compromised.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-check-your-node-modules\">Check your node_modules<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code># Check for the malicious package installed anywhere\nfind ~ -maxdepth 6 -name \"node_modules\" -type d -exec test -d \"{}\/plain-crypto-js\" \\; -print<\/code><\/pre>\n\n\n\n<p>If <code>plain-crypto-js<\/code> appears in any <code>node_modules<\/code>, that project has been compromised.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-mitigation-steps\">Mitigation Steps<\/h2>\n\n\n\n<p><strong>If you are NOT affected:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Verify your lockfiles are committed to version control<\/li>\n\n\n\n<li>Consider pinning critical dependencies to exact versions (e.g., <code>\"axios\": \"1.13.4\"<\/code> instead of <code>\"^1.13.4\"<\/code>)<\/li>\n\n\n\n<li>Use <code>npm ci<\/code> instead of <code>npm install<\/code> in CI\/CD pipelines for deterministic builds<\/li>\n\n\n\n<li>Enable dependency scanning tools like <a href=\"https:\/\/socket.dev\/\">Socket.dev<\/a>, <code>npm audit<\/code>, or GitHub Dependabot<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" 
id=\"h-if-you-are-affected\">If you ARE affected:<\/h2>\n\n\n\n<p><strong>1. Stop immediately<\/strong> \u2014 do not run any npm, yarn, or pnpm commands<br><strong>2. Delete<\/strong> the affected <code>node_modules<\/code> directory and lockfile<br><strong>3. Check for persistence<\/strong> \u2014 look for files at the known dropper locations:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>macOS: <code>\/Library\/Caches\/com.apple.act.mond<\/code><\/li>\n\n\n\n<li>Windows: <code>%PROGRAMDATA%\\wt.exe<\/code><\/li>\n\n\n\n<li>Linux: <code>\/tmp\/ld.py<\/code><\/li>\n<\/ul>\n\n\n\n<p><strong>4. Rotate all credentials<\/strong> \u2014 API keys, tokens, SSH keys, cloud credentials, and any secrets that were present on the compromised system<br><strong>5. Reinstall from clean lockfile<\/strong> \u2014 use a known-good lockfile and run <code>npm ci<\/code><br><strong>6. Monitor for unauthorized access<\/strong> \u2014 check cloud provider audit logs for suspicious activity<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-current-status\">Current Status<\/h2>\n\n\n\n<p>The compromised <code>axios@1.14.1<\/code> has been permanently removed from npm. Running <code>npm install axios<\/code> now resolves to safe versions. The malicious <code>plain-crypto-js@4.2.1<\/code> has also been removed.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-stay-vigilant\">Stay Vigilant<\/h2>\n\n\n\n<p>Two major supply chain attacks in one week is a stark reminder that the open-source ecosystem remains a high-value target. The defenses that protected Comet \u2014 committed lockfiles, fast incident response, and a culture of security awareness \u2014 are available to every engineering team. 
The question is whether they&#8217;re in place before the next attack hits.<\/p>\n\n\n\n<p>&#8212;<\/p>\n\n\n\n<p><em>For more details on the LiteLLM incident from last week, see our previous post: <a href=\"https:\/\/www.comet.com\/site\/blog\/litellm-supply-chain-attack\/\">LiteLLM Supply Chain Attack: What Happened, Who&#8217;s Affected, and What You Should Do Right Now<\/a>.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>On March 31, 2026, axios \u2014 one of npm&#8217;s most popular packages \u2014 was compromised with a remote access trojan. Here is what happened, how Comet responded within minutes, and what you should do to protect your systems.<\/p>\n","protected":false},"author":139,"featured_media":19318,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"customer_name":"","customer_description":"","customer_industry":"","customer_technologies":"","customer_logo":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[10,23,65,9],"tags":[],"coauthors":[352],"class_list":["post-19360","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-industry","category-integrations","category-llmops","category-product"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v25.9 (Yoast SEO v25.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Axios Supply Chain Attack: What Happened, How We Responded, and What You Should Do Right Now<\/title>\n<meta name=\"description\" content=\"Here&#039;s what happened, how Comet responded, and what you should do to protect your systems.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.comet.com\/site\/blog\/axios-supply-chain-attack\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta 
property=\"og:title\" content=\"Axios Supply Chain Attack: What Happened, How We Responded, and What You Should Do Right Now\" \/>\n<meta property=\"og:description\" content=\"Here&#039;s what happened, how Comet responded, and what you should do to protect your systems.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.comet.com\/site\/blog\/axios-supply-chain-attack\/\" \/>\n<meta property=\"og:site_name\" content=\"Comet\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cometdotml\" \/>\n<meta property=\"article:published_time\" content=\"2026-03-31T15:47:46+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-03-31T15:47:47+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.comet.com\/site\/wp-content\/uploads\/2026\/03\/comet-logo-larger.png\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1440\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Nimrod Lahav\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Cometml\" \/>\n<meta name=\"twitter:site\" content=\"@Cometml\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Nimrod Lahav\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<!-- \/ Yoast SEO Premium plugin. 
-->","yoast_head_json":{"title":"Axios Supply Chain Attack: What Happened, How We Responded, and What You Should Do Right Now","description":"Here's what happened, how Comet responded, and what you should do to protect your systems.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.comet.com\/site\/blog\/axios-supply-chain-attack\/","og_locale":"en_US","og_type":"article","og_title":"Axios Supply Chain Attack: What Happened, How We Responded, and What You Should Do Right Now","og_description":"Here's what happened, how Comet responded, and what you should do to protect your systems.","og_url":"https:\/\/www.comet.com\/site\/blog\/axios-supply-chain-attack\/","og_site_name":"Comet","article_publisher":"https:\/\/www.facebook.com\/cometdotml","article_published_time":"2026-03-31T15:47:46+00:00","article_modified_time":"2026-03-31T15:47:47+00:00","og_image":[{"width":2560,"height":1440,"url":"https:\/\/www.comet.com\/site\/wp-content\/uploads\/2026\/03\/comet-logo-larger.png","type":"image\/png"}],"author":"Nimrod Lahav","twitter_card":"summary_large_image","twitter_creator":"@Cometml","twitter_site":"@Cometml","twitter_misc":{"Written by":"Nimrod Lahav","Est. 
reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.comet.com\/site\/blog\/axios-supply-chain-attack\/#article","isPartOf":{"@id":"https:\/\/www.comet.com\/site\/blog\/axios-supply-chain-attack\/"},"author":{"name":"Nimrod Lahav","@id":"https:\/\/www.comet.com\/site\/#\/schema\/person\/4a54423cd21e28c248c2a6a5d9ca2017"},"headline":"Axios Supply Chain Attack: What Happened, How We Responded, and What You Should Do Right Now","datePublished":"2026-03-31T15:47:46+00:00","dateModified":"2026-03-31T15:47:47+00:00","mainEntityOfPage":{"@id":"https:\/\/www.comet.com\/site\/blog\/axios-supply-chain-attack\/"},"wordCount":1080,"commentCount":0,"publisher":{"@id":"https:\/\/www.comet.com\/site\/#organization"},"image":{"@id":"https:\/\/www.comet.com\/site\/blog\/axios-supply-chain-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/www.comet.com\/site\/wp-content\/uploads\/2026\/03\/comet-logo-larger.png","articleSection":["Industry","Integrations","LLMOps","Product"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.comet.com\/site\/blog\/axios-supply-chain-attack\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.comet.com\/site\/blog\/axios-supply-chain-attack\/","url":"https:\/\/www.comet.com\/site\/blog\/axios-supply-chain-attack\/","name":"Axios Supply Chain Attack: What Happened, How We Responded, and What You Should Do Right Now","isPartOf":{"@id":"https:\/\/www.comet.com\/site\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.comet.com\/site\/blog\/axios-supply-chain-attack\/#primaryimage"},"image":{"@id":"https:\/\/www.comet.com\/site\/blog\/axios-supply-chain-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/www.comet.com\/site\/wp-content\/uploads\/2026\/03\/comet-logo-larger.png","datePublished":"2026-03-31T15:47:46+00:00","dateModified":"2026-03-31T15:47:47+00:00","description":"Here's what happened, how Comet responded, and what 
you should do to protect your systems.","breadcrumb":{"@id":"https:\/\/www.comet.com\/site\/blog\/axios-supply-chain-attack\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.comet.com\/site\/blog\/axios-supply-chain-attack\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.comet.com\/site\/blog\/axios-supply-chain-attack\/#primaryimage","url":"https:\/\/www.comet.com\/site\/wp-content\/uploads\/2026\/03\/comet-logo-larger.png","contentUrl":"https:\/\/www.comet.com\/site\/wp-content\/uploads\/2026\/03\/comet-logo-larger.png","width":2560,"height":1440},{"@type":"BreadcrumbList","@id":"https:\/\/www.comet.com\/site\/blog\/axios-supply-chain-attack\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.comet.com\/site\/"},{"@type":"ListItem","position":2,"name":"Axios Supply Chain Attack: What Happened, How We Responded, and What You Should Do Right Now"}]},{"@type":"WebSite","@id":"https:\/\/www.comet.com\/site\/#website","url":"https:\/\/www.comet.com\/site\/","name":"Comet","description":"Build Better Models Faster","publisher":{"@id":"https:\/\/www.comet.com\/site\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.comet.com\/site\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.comet.com\/site\/#organization","name":"Comet ML, 
Inc.","alternateName":"Comet","url":"https:\/\/www.comet.com\/site\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.comet.com\/site\/#\/schema\/logo\/image\/","url":"https:\/\/www.comet.com\/site\/wp-content\/uploads\/2025\/01\/logo_comet_square.png","contentUrl":"https:\/\/www.comet.com\/site\/wp-content\/uploads\/2025\/01\/logo_comet_square.png","width":310,"height":310,"caption":"Comet ML, Inc."},"image":{"@id":"https:\/\/www.comet.com\/site\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/cometdotml","https:\/\/x.com\/Cometml","https:\/\/www.youtube.com\/channel\/UCmN63HKvfXSCS-UwVwmK8Hw"]},{"@type":"Person","@id":"https:\/\/www.comet.com\/site\/#\/schema\/person\/4a54423cd21e28c248c2a6a5d9ca2017","name":"Nimrod Lahav","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.comet.com\/site\/#\/schema\/person\/image\/32c89ff6d2f054014472f77885cf369b","url":"https:\/\/www.comet.com\/site\/wp-content\/uploads\/2026\/03\/nimrod-lahav-96x96.jpeg","contentUrl":"https:\/\/www.comet.com\/site\/wp-content\/uploads\/2026\/03\/nimrod-lahav-96x96.jpeg","caption":"Nimrod Lahav"},"description":"A computer scientist and software engineer, Nimrod is Comet's co-founder and CTO. He held leadership and engineering roles at Wix, VMware and Amdocs. He later co-founded GroupWize, whose team trained and deployed more than 50 natural language processing (NLP) models in 15 languages to analyze chat messages. 
He holds a bachelor\u2019s degree from the Academic College of Tel Aviv, Yaffo (MTA).","url":"https:\/\/www.comet.com\/site\/blog\/author\/nimrod\/"}]}},"jetpack_featured_media_url":"https:\/\/www.comet.com\/site\/wp-content\/uploads\/2026\/03\/comet-logo-larger.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.comet.com\/site\/wp-json\/wp\/v2\/posts\/19360","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.comet.com\/site\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.comet.com\/site\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.comet.com\/site\/wp-json\/wp\/v2\/users\/139"}],"replies":[{"embeddable":true,"href":"https:\/\/www.comet.com\/site\/wp-json\/wp\/v2\/comments?post=19360"}],"version-history":[{"count":2,"href":"https:\/\/www.comet.com\/site\/wp-json\/wp\/v2\/posts\/19360\/revisions"}],"predecessor-version":[{"id":19398,"href":"https:\/\/www.comet.com\/site\/wp-json\/wp\/v2\/posts\/19360\/revisions\/19398"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.comet.com\/site\/wp-json\/wp\/v2\/media\/19318"}],"wp:attachment":[{"href":"https:\/\/www.comet.com\/site\/wp-json\/wp\/v2\/media?parent=19360"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.comet.com\/site\/wp-json\/wp\/v2\/categories?post=19360"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.comet.com\/site\/wp-json\/wp\/v2\/tags?post=19360"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.comet.com\/site\/wp-json\/wp\/v2\/coauthors?post=19360"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}