Share

Scan with WeChat

Warning, version 1.14.1 of the npm core package axios is experiencing an active supply chain attack

2026-03-31 13:04:54

Collection

According to market news, Socket has detected that version 1.14.1 of the npm core package axios is experiencing an active supply chain attack. The attacker injected a malicious dependency package to implant malicious code into axios. Developers using axios are advised to immediately pin the version and review the project's lock files.

warnning

Risk warning

Related tags

axios supply chain attack malicious code

Related reading

OpenAI disclosed a security incident involving third-party libraries, stating that no user data breach was found, and reminded macOS users to update their versions

2026-04-11 10:44

AI data company Mercor confirmed it has suffered a significant data breach involving clients such as OpenAI and Anthropic

2026-04-03 14:20

The Axios library was attacked through a supply chain, with hackers using stolen npm tokens to implant a remote trojan, affecting about 80% of cloud environments

2026-04-02 13:13

Security reminder: The latest version of OpenClaw 3.28 may introduce a malicious axios, please users be cautious and check

2026-03-31 15:14

Related tags

axios supply chain attack malicious code

app_icon

ChainCatcher Building the Web3 world with innovations.