What caused the axios@1.14.1 supply chain attack?

Account takeover on the lead maintainer—no email re-auth. Published malicious versions injecting plain-crypto-js RAT.

How do I protect against NPM supply chain attacks like axios?

Use Ward or similar pre-install scanners. Pin deps, but add script/behavior checks. Enable 2FA everywhere.

Yes—specific hooks intercept their npm installs, blocking threats before execution.

Ever wonder if that quick 'npm install axios@latest' just handed your AWS keys to a stranger? On March 31, 2026, it did—for 40 million weekly users.

DevTools Feed Apr 03, 2026 3 min read 14 views

[email protected] hijack used account takeover and fake dep to drop RATs stealing creds in seconds. 𝕏
Standard tools like npm audit lagged 12+ hours; need pre-install behavioral checks. 𝕏
AI dev agents explode risk—tools like Ward target this, but watch for vendor upsells. 𝕏

Published by

Ship faster. Build smarter.

#RAT malware #axios supply chain attack #dependency hijack #npm-security

Get the best Developer Tools stories of the week in your inbox — no noise, no spam.

Originally reported by dev.to