Tag: npm supply chain attack

When Trust Becomes a Weapon: The Axios npm Supply Chain Attack

01 Apr 2026

⋅

Ng Chong

On the morning of March 31, 2026, one of the most widely used JavaScript libraries in the world was quietly turned into a malware delivery system. For just under three hours, any developer or automated pipeline that ran npm install may have unwittingly handed attackers the keys to their infrastructure. What Happened Axios, an HTTP…