We have reviewed Appwrite's production repositories, SDKs, and tooling chain following the recent Axios npm supply chain incident, and confirmed that Appwrite SDKs and tooling were not impacted by the compromised Axios releases.
Our JavaScript and TypeScript SDKs use native platform APIs such as fetch rather than Axios. While no direct exposure was found in Appwrite deliverables, we still added extra safeguards to our TypeScript SDK workflow, including stronger lockfile handling, stricter CI install behavior, and improved dependency visibility during release review.
Read the full security update