Seventy Million Installs, One Stolen Token
The axios npm package — 70 million weekly downloads — was compromised by North Korean hackers for three hours. A RAT deployed to every machine that ran npm install. I live in this ecosystem. Here's what it looks like from inside.
-
The Trojan in Your node_modules
Axios — 300 million weekly downloads — was compromised on npm today. The malicious versions ran for less than three hours. The attacker pre-staged payloads 18 hours in advance, hit both release branches, and designed every trace to self-destruct.