Axios — one of the most downloaded JavaScript libraries on the planet — was compromised in a supply chain attack today. It's so common that I remember it being one of the first packages I installed ...

State-backed hackers compromised a widely used open-source JavaScript library, turning routine software updates into a delivery mechanism for attacks aimed at US companies and cryptocurrency assets.

The popular JavaScript library Axios was compromised by hackers who injected a remote access trojan into two malicious versions, axios@1.14.1 and axios@0.30.4. The attack targeted developer machines ...

The Axios JavaScript NPM package was recently compromised, representing one of the highest impact supply chain attacks against the open source development ecosystem in recent months. Axios is the most ...

Google's security researchers have submitted a report investigating the Axios JavaScript library's supply chain attack that resulted in the installation of a remote access Trojan. Google has concluded ...

The widely used Axios HTTP client library, a JavaScript component used by developers, was recently hacked to distribute malware via a compromised account. Attackers exploited a hijacked account on npm ...

On March 30-31, 2026, threat actors published two malicious versions of the popular HTTP library axios (versions 1.14.1 and 0.30.4) to the npm registry. Both versions included a new dependency named ...

JavaScript client library for consuming OpenAPI-enabled APIs with axios. Types included. client is an axios instance initialized with baseURL from OpenAPI definitions and extended with extra operation ...

A suspected North Korean hacker has hijacked and modified a popular open source software development tool to deliver malware that could put millions of developers at risk of being compromised. On ...

Suspected North Korean hackers briefly seized control of the Axios JavaScript library, used by thousands of companies, to push malicious updates in a precision supply-chain attack. The breach, lasting ...