The malicious releases were available for about three hours before they were removed, but the brevity of the window has done little to calm alarm because Axios is one of the most heavily used HTTP ...