
The Axios npm Attack: How a Social Engineering Campaign Compromised 100 Million Weekly Downloads
On March 31, 2026, a North Korean hacking group compromised the axios npm package through social engineering. Here's what happened, how the attack worked, and what development teams should do about it.










