Axios, the JavaScript HTTP library with 100M+ weekly downloads, was compromised when attackers stole a maintainer's npm token and published malicious versions containing a remote access trojan. The poisoned packages targeted macOS, Windows and Linux, and were live for three hours before removal. The attack bypassed OIDC and SLSA provenance protections that axios had in place, exploiting a legacy token that npm silently preferred over modern authentication. https://venturebeat.com/security/axios-npm-supply-chain-attack-rat-maintainer-token-2026 #AIagent #AI #GenAI #AIInfrastructure #VentureBeat
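One practical defender-side check that follows from the incident: a package that normally publishes through OIDC with SLSA provenance should carry a provenance attestation on every release, so a version that lacks one was published some other way (for example with a long-lived token) and deserves scrutiny before it is installed. The script below is an added example, not code from the article, from axios or from npm. It audits an npm registry "packument" (the JSON that `GET https://registry.npmjs.org/<name>` returns) for versions without a SLSA provenance attestation. It assumes the `dist.attestations.provenance.predicateType` shape that the public npm registry uses for provenance-attested releases; the sample packument, its package name, version numbers and dates are constructed placeholders, not the real versions involved in the incident.

```javascript
// Added example (not from the article, axios or npm): audit an npm packument for
// releases that carry no SLSA provenance attestation.

// Constructed sample packument. Name, versions and timestamps are illustrative
// placeholders, not the actual versions published in the axios incident.
const samplePackument = {
  name: "example-lib",
  "dist-tags": { latest: "9.9.9" },
  time: {
    "1.0.0": "2025-01-01T00:00:00.000Z",
    "1.0.1": "2025-02-01T00:00:00.000Z",
    "9.9.9": "2025-03-01T00:00:00.000Z",
  },
  versions: {
    "1.0.0": {
      dist: {
        tarball: "https://registry.npmjs.org/example-lib/-/example-lib-1.0.0.tgz",
        // Shape assumed to match what the npm registry returns for attested releases.
        attestations: {
          url: "https://registry.npmjs.org/-/npm/v1/attestations/example-lib@1.0.0",
          provenance: { predicateType: "https://slsa.dev/provenance/v1" },
        },
      },
    },
    "1.0.1": {
      dist: {
        tarball: "https://registry.npmjs.org/example-lib/-/example-lib-1.0.1.tgz",
        attestations: {
          url: "https://registry.npmjs.org/-/npm/v1/attestations/example-lib@1.0.1",
          provenance: { predicateType: "https://slsa.dev/provenance/v1" },
        },
      },
    },
    // Published without provenance: no attestations block at all.
    "9.9.9": {
      dist: {
        tarball: "https://registry.npmjs.org/example-lib/-/example-lib-9.9.9.tgz",
      },
    },
  },
};

// True when a version's metadata carries a SLSA provenance attestation.
function hasProvenance(versionMeta) {
  const att = versionMeta && versionMeta.dist && versionMeta.dist.attestations;
  const predicate = att && att.provenance && att.provenance.predicateType;
  return typeof predicate === "string" && predicate.startsWith("https://slsa.dev/provenance/");
}

// All versions lacking provenance, oldest publish time first.
function versionsWithoutProvenance(packument) {
  const times = packument.time || {};
  return Object.keys(packument.versions || {})
    .filter((v) => !hasProvenance(packument.versions[v]))
    .sort((a, b) => (times[a] || "").localeCompare(times[b] || ""));
}

// Summary a CI gate or a reviewer can act on: which release the "latest" tag points
// at, whether that release is attested, and every unattested version on record.
function auditPackument(packument) {
  const latest = (packument["dist-tags"] || {}).latest || null;
  const latestMeta = latest ? packument.versions[latest] : null;
  return {
    name: packument.name,
    latest,
    latestAttested: latestMeta ? hasProvenance(latestMeta) : false,
    unattested: versionsWithoutProvenance(packument),
  };
}

// Stand-alone run: prints the audit for the constructed packument.
console.log(JSON.stringify(auditPackument(samplePackument), null, 2));
```

To use it against a live registry, fetch the packument for the dependency you care about and pass it to `auditPackument`; a non-empty `unattested` list for a project that is known to publish with provenance, or `latestAttested: false`, is the signal worth pausing an install or a lockfile update on. The check is a heuristic about how a version was published, not a verification of the attestation's signature; that step belongs to the registry and to tools that verify Sigstore bundles.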