Axios on npm Compromised: Update Now π¨
Hackers hijacked Axios maintainer accounts, pushing malicious versions 1.14.1 and 0.30.4. Developers must check npm immediately.
RootToHack
1.2K views β’ Mar 31, 2026
About this video
π¨ Axios was compromised on npm.
Attackers reportedly hijacked an Axios maintainer account and pushed two poisoned versions: 1.14.1 and 0.30.4.
The malicious releases added a fake dependency, plain-crypto-js, which security writeups say could download a cross-platform RAT affecting Windows, Linux, and macOS.
If you installed either version, treat that environment seriously:
β roll back
β rotate credentials
β investigate outbound activity
This is what modern supply chain attacks look like:
not fake appsβ¦
but code developers already trust.
#axios #npm #javascript #cybersecurity #supplychainattack #malware #infosec #developers #nodejs #hackingnews #cybernews #devsecops #opensource #programming #roottohack
Attackers reportedly hijacked an Axios maintainer account and pushed two poisoned versions: 1.14.1 and 0.30.4.
The malicious releases added a fake dependency, plain-crypto-js, which security writeups say could download a cross-platform RAT affecting Windows, Linux, and macOS.
If you installed either version, treat that environment seriously:
β roll back
β rotate credentials
β investigate outbound activity
This is what modern supply chain attacks look like:
not fake appsβ¦
but code developers already trust.
#axios #npm #javascript #cybersecurity #supplychainattack #malware #infosec #developers #nodejs #hackingnews #cybernews #devsecops #opensource #programming #roottohack
Video Information
Views
1.2K
Likes
20
Duration
1:04
Published
Mar 31, 2026
User Reviews
4.5
(1) Related Trending Topics
LIVE TRENDSRelated trending topics. Click any trend to explore more videos.
No specific trending topics match this video yet.
Explore All Trends