Axios npm Attack: RAT Hits 100M-Download Package on Claude Code Leak Day
Last updated: March 2026 On March 31, 2026, attackers compromised the npm account of Axios’s lead maintainer and published two malicious versions (1.14.1 and 0.30.4) of the HTTP client library used by over 100 million projects weekly. The poisoned packages silently installed a cross-platform Remote Access Trojan (RAT) via a hidden dependency called plain-crypto-js. The … Read more