Incident Critical npm javascript Axios Supply Chain Attack: All begin with Social Engineering Campaign Targeting npm's Most Downloaded HTTP Library Axios maintainer hacked via social engineering; RAT dropper found in versions 1.14.1 & 0.30.4 via malicious dependency. Ricardo Sanchez · Apr 7, 2026 · 9 min read
