The Axios npm supply chain attack: a North Korean trojan inside the world's most popular HTTP library
On March 31, 2026, someone hijacked the npm account of the lead Axios maintainer and published two poisoned versions of one of the most-downloaded packages in the JavaScript ecosystem. Axios pulls over 100 million weekly downloads. If you've built an...
hintas.blog6 min read