Open-Source Axios Library Falls Victim to Hacker Attack: Developers Urged to Act Promptly
Author: Editor

On March 31, 2026, reports surfaced that two npm versions of the widely used JavaScript library Axios, axios@1.14.1 and axios@0.30.4, had been compromised by hackers, who inserted remote control code into them. The attackers gained unauthorized access to the npm account of Axios's primary maintainer and used it to distribute these malicious versions. The compromise was carried out through a counterfeit dependency package, plain-crypto-js@4.2.1, which executed harmful scripts during installation and connected to a remote server to download additional malware. Developers are strongly advised to promptly verify their Axios versions and associated dependencies. Anyone affected should reinstall their systems and update their login credentials without delay.