Urgent Alert: Axios Supply‑Chain Poisoning Hits 300M Weekly Downloads – Check Your Projects Now

On March 31 2026, malicious versions of the widely used axios library (1.14.1 and 0.30.4) were published after the maintainer's npm account was hijacked, embedding a cross‑platform RAT; the article details the impact, detection steps, remediation, and long‑term hardening measures for affected projects.

CI/CDRATSecurity

0 likes · 13 min read

Urgent Alert: Axios Supply‑Chain Poisoning Hits 300M Weekly Downloads – Check Your Projects Now

Node.js Tech Stack

Mar 31, 2026 · Information Security

Axios Supply‑Chain Attack: 300 Million Weekly Downloads, Remote‑Control Trojan Inserted

The widely used Axios library, with 300 million weekly installs, was compromised through a short‑lived npm supply‑chain attack that injected a postinstall trojan delivering cross‑platform malware and a C2 callback, prompting detailed mitigation and long‑term prevention guidance.

Node.jsSecuritySupply Chain Attack

0 likes · 8 min read

Axios Supply‑Chain Attack: 300 Million Weekly Downloads, Remote‑Control Trojan Inserted

Urgent Alert: Axios Supply‑Chain Poisoning Hits 300M Weekly Downloads – Check Your Projects Now

Axios Supply‑Chain Attack: 300 Million Weekly Downloads, Remote‑Control Trojan Inserted

Axios Supply‑Chain Attack: 300 Million Weekly Downloads, Remote‑Control Trojan Inserted