The popular Axios JavaScript library has been compromised on the NPM registry with malicious versions that deploy a remote access trojan. This supply chain attack affects one of the most widely used HTTP clients in the Node.js ecosystem, potentially impacting millions of projects. The incident highlights critical security vulnerabilities in the open source package ecosystem.
Background
Axios is one of the most popular HTTP client libraries in the JavaScript ecosystem with over 60 million weekly downloads. Supply chain attacks targeting popular open source packages have become increasingly common and dangerous.
- Source: Hacker News (RSS)
- Published: Mar 31, 2026 at 10:54 AM
- Score: 9.0 / 10