
Backdooring of JavaScript Library Axios Tied to North Korea


Expect Fallout After Remote Access Trojan Added to Popular JavaScript NPM Package

Mathew J. Schwartz (euroinfosec) • April 1, 2026


A supply-chain attack that compromised versions of Axios to distribute a remote access Trojan bears North Korean fingerprints, said security researchers.


Axios is a widely used JavaScript library for making HTTP requests, which gets downloaded more than 100 million times per week. It's part of Node Package Manager, or npm, which is the default package manager for the GitHub-maintained JavaScript runtime environment Node.js.

The attack against Axios traces to a "hijacked maintainer account" for the project being used "to publish poisoned Axios releases including 1.14.1 and 0.30.4," in which "the attacker injected a hidden dependency ...
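One way to check a project for the two releases named above, as an added example that is not from the article or the Axios project: it scans a parsed `package-lock.json` for any copy of axios resolved to 1.14.1 or 0.30.4. The sample lockfile and the package names `some-sdk` and `http-alias` are constructed for illustration.

```javascript
// Added example. The two version numbers are the ones the article names;
// the lockfile and the package names some-sdk / http-alias are constructed.
const POISONED = new Set(["1.14.1", "0.30.4"]);

// lockfileVersion 1 nests installs: { dependencies: { name: { version, dependencies } } }
function walkV1(deps, trail, hits) {
  for (const [name, info] of Object.entries(deps || {})) {
    const path = [...trail, name];
    if (name === "axios" && POISONED.has(info.version)) {
      hits.push({ path: path.join(" > "), version: info.version });
    }
    walkV1(info.dependencies, path, hits); // transitive copies
  }
}

// Return every axios install in a parsed package-lock.json that resolves to
// one of the poisoned releases: nested copies, and aliased ones in v2/v3.
function findPoisonedAxios(lock) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path ("" is the project).
    for (const [path, info] of Object.entries(lock.packages)) {
      if (path === "") continue;
      // npm records "name" only when the folder name differs (aliases).
      const name = info.name || path.split("node_modules/").pop();
      if (name === "axios" && POISONED.has(info.version)) {
        hits.push({ path, version: info.version });
      }
    }
  } else {
    walkV1(lock.dependencies, [], hits);
  }
  return hits;
}

// Constructed lockfile: one clean copy, one nested hit, one aliased hit.
const SAMPLE_LOCK = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/axios": { version: "1.13.0" },
    "node_modules/some-sdk/node_modules/axios": { version: "0.30.4" },
    "node_modules/http-alias": { name: "axios", version: "1.14.1" },
  },
};

console.log(findPoisonedAxios(SAMPLE_LOCK));
```

A hit means the lockfile resolves to a release the article names as poisoned. The name of the injected dependency is cut off in this excerpt, so the check does not look for it.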


Copyright of this story solely belongs to bankinfosecurity.