Attackers stole a long-lived npm access token belonging to the lead maintainer of axios, the most popular HTTP client library in JavaScript, and used it to publish two poisoned versions that install a ...
Update March 31, 2026, 1:28 pm UTC: This article has been updated to add comments from Abdelfattah Ibrahim, senior offensive security engineer at Hacken. Two malicious Axios npm releases have prompted ...
Security companies flagged [email protected] and 0.30.4 as compromised, urging credential rotation and rollback of affected packages. Two malicious Axios npm releases have prompted warnings for developers ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results