JS Devs Hit by Axios npm Package Hack π¨
Hackers compromised Axios npm, releasing backdoored versions with hidden post-install scripts, affecting millions of JavaScript developers.
Better Stack
4.5K views β’ Apr 1, 2026
About this video
Attackers compromised the Axios npm package and published two backdoored releases. The malicious versions introduced a hidden post-install script that silently downloaded a Remote Access Trojan onto developer machines and CI/CD runners, scanning for .env files, SSH keys, npm tokens and more.
π Relevant Links
https://www.huntress.com/blog/supply-chain-compromise-axios-npm-package
https://cloud.google.com/blog/topics/threat-intelligence/north-korea-threat-actor-targets-axios-npm-package/
https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbHZlejk4T1JxOVdNWmhWQ05MTUxmdTRzb2dUUXxBQ3Jtc0ttbEQ5SkFtZWhBUWZsallOWDhaeXo5cTNKXzQ5Y0E2U09MQVFBT21kVGtJWjhybmdZTlFFMWZycy1NWnZVRlh5a0FLZ3hOVUluTUNLemlPYXdia2RWcGY5eUx4bFRMdnZxSzVUN1ZhelkzNnRBWWdjZw&q=https%3A%2F%2Fwww.stepsecurity.io%2Fblog%2Faxios-compromised-on-npm-malicious-versions-drop-remote-access-trojan&v=yiLIZLPNEm8
β€οΈ More about us
Radically better observability stack: https://betterstack.com/
Written tutorials: https://betterstack.com/community/
Example projects: https://github.com/BetterStackHQ
π± Socials
Twitter: https://twitter.com/betterstackhq
Instagram: https://www.instagram.com/betterstackhq/
TikTok: https://www.tiktok.com/@betterstack
LinkedIn: https://www.linkedin.com/company/betterstack
π Relevant Links
https://www.huntress.com/blog/supply-chain-compromise-axios-npm-package
https://cloud.google.com/blog/topics/threat-intelligence/north-korea-threat-actor-targets-axios-npm-package/
https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbHZlejk4T1JxOVdNWmhWQ05MTUxmdTRzb2dUUXxBQ3Jtc0ttbEQ5SkFtZWhBUWZsallOWDhaeXo5cTNKXzQ5Y0E2U09MQVFBT21kVGtJWjhybmdZTlFFMWZycy1NWnZVRlh5a0FLZ3hOVUluTUNLemlPYXdia2RWcGY5eUx4bFRMdnZxSzVUN1ZhelkzNnRBWWdjZw&q=https%3A%2F%2Fwww.stepsecurity.io%2Fblog%2Faxios-compromised-on-npm-malicious-versions-drop-remote-access-trojan&v=yiLIZLPNEm8
β€οΈ More about us
Radically better observability stack: https://betterstack.com/
Written tutorials: https://betterstack.com/community/
Example projects: https://github.com/BetterStackHQ
π± Socials
Twitter: https://twitter.com/betterstackhq
Instagram: https://www.instagram.com/betterstackhq/
TikTok: https://www.tiktok.com/@betterstack
LinkedIn: https://www.linkedin.com/company/betterstack
Tags and Topics
Browse our collection to discover more content in these categories.
Video Information
Views
4.5K
Likes
125
Duration
4:17
Published
Apr 1, 2026
User Reviews
4.6
(4) Related Trending Topics
LIVE TRENDSRelated trending topics. Click any trend to explore more videos.