Bookmarks for April 1, 2026

  • axios Compromised on npm – Malicious Versions Drop Remote Access Trojan – StepSecurity
    To quote the article: "This is among the most operationally sophisticated supply chain attacks ever documented against a top-10 npm package". A very scary hack, if you're a developer. (For non-developers: I would not like to guess how many websites will have axios in their JavaScript – these days, there's a fair chance the answer is "most".) In practical terms, it's nothing for non-devs to worry about directly – the attack is focused on the servers that hold the JavaScript, rather than the users of the websites – but indirectly, the number of computers that might have been compromised is terrifying.
