Hackers Compromise Popular JavaScript Library Axios, Potentially Affecting 600,000 Downloads

Hacker hijacks axios maintainer's npm account, publishes trojans in popular library affecting 100M downloads. Experts warn users.

By Content Team

Mar 31, 2026

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

A hacker briefly hijacked the npm account of axios's lead maintainer and published malicious versions of the popular JavaScript library, which has 100 million weekly downloads. The attack occurred Sunday night into Monday morning, with poisoned versions "axios@1.14.1" and "axios@0.30.4" injecting remote access trojans targeting MacOS, Windows, and Linux devices.

Google attributes the attack to suspected North Korean hacking group UNC1069. Security researchers estimate around 600,000 downloads occurred during the brief window before the malicious versions were removed. The malware scrapes access credentials and could enable attackers to pivot to AWS and GitHub accounts.

Experts advise axios users to pin their current version immediately and avoid upgrading while auditing for potential compromises.

Source: CyberScoop

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Hackers Selling $220,000 Windows Zero-Day Exploit on Dark Web

Mar 9, 2026

Cisco Drops 48 New Firewall Vulnerabilities, 2 Critical

Mar 6, 2026

Microsoft Kicks Off 2026 With 112 Security Patches, Including Active Zero-Day Attack

Jan 14, 2026

Critical SmarterMail Vulnerability Allows Remote Code Execution

Dec 30, 2025