npm security — 2 Technical Articles

Apr 4, 2026 · Information Security

How AI‑Assisted Social Engineering Compromised the Popular Axios Module

A recent GitHub issue reveals that attackers used AI‑assisted social engineering—posing as a company founder, creating a fake Slack workspace, arranging Microsoft Teams meetings, and tricking the maintainer into installing a malicious npm package—to inject a trojan into the widely used Axios library, bypassing 2FA and publishing malicious code.

AIaxiosnpm security

0 likes · 3 min read

How AI‑Assisted Social Engineering Compromised the Popular Axios Module

JavaScript

Nov 1, 2021 · Information Security

How a Hijacked UAParser.js npm Package Infected Hundreds of Thousands of Machines

A compromised UAParser.js npm package spread cryptomining malware and credential theft to an estimated 188,000 computers within four hours, prompting urgent updates and two‑factor authentication for developers relying on this popular JavaScript library.

MalwareUAParser.jsdependency management

0 likes · 3 min read

How a Hijacked UAParser.js npm Package Infected Hundreds of Thousands of Machines