Neowin

JavaScript devs beware: this very popular NPM package has been compromised by attackers

If you are a JavaScript developer, you’re likely familiar with Axios, the popular library with over 80 million weekly downloads. Developers use Axios to make network requests, handle form submissions, ...
Bleeping Computer

Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver remote access trojans to Linux, Windows, and macOS systems. One malicious ...
Hosted on MSN

Hacker tries to spread malware to millions by hitting 'Axios NPM' software

A hacker has compromised a little-known, but popular 2.4MB software package that's downloaded over 100 million times per week and is widely used across apps. The IT security community is sounding the ...
CoinTelegraph

Supply chain attack hits Axios npm releases, users urged to rotate keys

Security companies flagged axios@1.14.1 and 0.30.4 as compromised, urging credential rotation and rollback of affected packages. Update March 31, 2026, 1:28 pm UTC: This article has been updated to ...