Critical compromise: Axios NPM library with 100M weekly downloads is delivering malware

Axios, a hugely popular JavaScript library with 100 million weekly downloads, has been hit by a critical supply chain attack. In a recurring open-source security crisis, developers unknowingly pulled a remote-access trojan from compromised releases.

Figure: Axios chain attack. Image by Cybernews.

Ernestas Naprys, Senior Journalist
Mar 31, 2026. Updated: 1 April 2026

Carefully prepared attack


First victims confirmed

What is the malware capable of?

Figure: How the Axios attack works. Image by Socket Research Team.

Developers advised to isolate infected systems