Trend Micro has reported an incident in which the popular npm package Axios was compromised, potentially exposing the many projects that download it each week. According to their investigation, the Axios package records more than 100 million weekly downloads. The attack abuses the software supply chain to inject malicious code into applications that depend on the compromised package.
Axios NPM Package Compromised: Supply Chain Attack Hits JavaScript HTTP Client with 100M+ Weekly Downloads
ARCHIVE This story is marked as archive content due to its age and may not reflect the current state of events.
Summary: Trend Micro has confirmed that the popular npm package Axios, a widely used JavaScript HTTP client with over 100 million weekly downloads, has been compromised.
Key facts
- npm Axios package compromised
- Over 100 million weekly downloads of the package
- Attack uses supply chain to inject malicious code
Why it matters
This incident highlights the importance of monitoring and protecting software supply chains: a vulnerability in a single component can spread to the many systems and applications that depend on it.
@trendaisecurity