Axios sits underneath LangChain, OpenAI's SDK, dozens of MCP clients, ...
Its npm account got hijacked and published two backdoored versions!
If you are in AI agent deployments, see What You Should Do Right Now:
https://mistaike.ai/blog/axios-npm-supply-chain/

Quote:
https://mastodon.social/@mistaike/116334359828804865

#InfoSec #CyberSecurity #SupplyChain #AIAgent #MCPProtocol

Axios Has 100 Million Weekly Downloads. North Korea Backdoored It in 39 Minutes. — mistaike

On March 31, a North Korea-linked threat actor hijacked the Axios npm maintainer account and published two backdoored versions within 39 minutes. The cross-platform RAT payload targeted every OS. Axios sits underneath virtually every AI agent framework, MCP client, and workflow automation tool in production today.

mistaike.ai