{"id":35264,"date":"2026-04-01T02:30:05","date_gmt":"2026-04-01T02:30:05","guid":{"rendered":"https:\/\/nsfocusglobal.com\/?p=33620"},"modified":"2026-04-13T08:53:04","modified_gmt":"2026-04-13T08:53:04","slug":"axios-front-end-library-npm-supply-chain-poisoning-alert","status":"publish","type":"post","link":"https:\/\/nsfocusglobal.com\/pt-br\/axios-front-end-library-npm-supply-chain-poisoning-alert\/","title":{"rendered":"Axios Front-End Library npm Supply Chain Poisoning Alert"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Overview<\/h2>\n\n\n\n<p>On March 31, NSFOCUS CERT detected a supply chain poisoning attack against the npm repository of the HTTP client library Axios. The attacker bypassed the project's normal GitHub Actions CI\/CD pipeline, changed the account email address of the axios maintainer to an anonymous ProtonMail address, and manually released a malicious version with a Trojan backdoor through the npm CLI. When a user installs it, persistent remote control is established on the host. 
The impact is wide-ranging, and affected users should investigate and apply protective measures as soon as possible.<\/p>\n\n\n\n<p>Axios is an open source, Promise-based JavaScript HTTP client widely used in browsers and Node.js environments.<\/p>\n\n\n\n<p>Reference link: <a href=\"https:\/\/github.com\/axios\/axios\/issues\/10604\">https:\/\/github.com\/axios\/axios\/issues\/10604<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Scope of Impact<\/h2>\n\n\n\n<p><strong>Affected versions<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>axios&nbsp;=&nbsp;1.14.1<\/li>\n\n\n\n<li>axios&nbsp;=&nbsp;0.30.4<\/li>\n<\/ul>\n\n\n\n<p>Note: Windows, macOS, and Linux systems are all affected, and the package has more than 300 million downloads per week.<\/p>\n\n\n\n<p><strong>Unaffected versions<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>axios &lt;= 1.14.0<\/li>\n\n\n\n<li>axios &lt;= 0.30.3<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Event Analysis<\/h2>\n\n\n\n<p>The attackers stole and took over the npm and GitHub accounts of Jason Saayman, the main maintainer of the Axios project, and changed his email address to an anonymous ProtonMail address: ifstap@proton.me. The attacker first staged a clean plain-crypto-js@4.2.0 through a separate one-time account, nrwise@proton.me, to establish an npm release history and avoid the alerts that security tools raise for new packages. After 18 hours, the malicious package plain-crypto-js@4.2.1 was published on npm. The attacker then bypassed the normal GitHub Actions process to release the malicious versions axios@1.14.1 
and axios@0.30.4, which add plain-crypto-js@4.2.1 as a runtime dependency. During installation, plain-crypto-js executes the malicious setup.js script (a RAT dropper), which detects the current system and delivers a different remote control payload for each of the three platforms: macOS, Windows, and Linux.<\/p>\n\n\n\n<p>The attacker implanted self-destruct logic in setup.js. After the Trojan backdoor is executed, setup.js automatically deletes its own script file, removes the package.json that carries the malicious hook, and replaces it with a clean decoy file prepared in advance.<\/p>\n\n\n\n<div class=\"wp-block-group has-cyan-bluish-gray-background-color has-background\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<p>\/\/ The script deletes itself<\/p>\n\n\n\n<p>fs.unlink(__filename, (x=&gt;{}));<\/p>\n\n\n\n<p>\/\/ Rename the clean package.md to package.json, overwriting the original<\/p>\n\n\n\n<p>fs.rename(&quot;package.md&quot;, &quot;package.json&quot;, (x=&gt;{}));<\/p>\n<\/div><\/div>\n\n\n\n<p><strong>Event timeline:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>3\/30 05:57:32 UTC, the attacker created plain-crypto-js@4.2.0 (clean camouflage package)<\/li>\n\n\n\n<li>3\/30 23:59:12 UTC, the attacker released the plain-crypto-js@4.2.1 malicious payload<\/li>\n\n\n\n<li>3\/31 00:21:58 UTC, the attacker released the malicious version axios@1.14.1 through the npm CLI<\/li>\n\n\n\n<li>3\/31 01:00:57 UTC, the attacker released the malicious version axios@0.30.4 through the npm CLI<\/li>\n\n\n\n<li>3\/31 02:30 UTC, the attacker deleted the alarm issue with administrator privileges<\/li>\n\n\n\n<li>3\/31 03:40:46 UTC, npm removed the malicious version and revoked all tokens<\/li>\n\n\n\n<li>3\/31, NSFOCUS CERT issued an early warning notice<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Risk Investigation<\/h2>\n\n\n\n<p><strong>Affected users can investigate using the following steps:<\/strong><\/p>\n\n\n\n<p>1. 
Use the following commands to check whether the project contains a malicious version of Axios:<\/p>\n\n\n\n<div class=\"wp-block-group has-cyan-bluish-gray-background-color has-background\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<p># Check the axios version in project dependencies<\/p>\n\n\n\n<p>npm list axios 2&gt;\/dev\/null | grep -E &quot;1\\.14\\.1|0\\.30\\.4&quot;<\/p>\n\n\n\n<p># Check the axios version pinned in the lock file<\/p>\n\n\n\n<p>grep -A1 &#39;&quot;axios&quot;&#39; package-lock.json | grep -E &quot;1\\.14\\.1|0\\.30\\.4&quot;<\/p>\n<\/div><\/div>\n\n\n\n<p>2. Check the CI\/CD pipeline logs for any npm install or npm update operation that pulled or installed a new version of Axios.<\/p>\n\n\n\n<p>3. Check whether the malicious dependency package plain-crypto-js exists in node_modules:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-cyan-bluish-gray-background-color has-background\"><tbody><tr><td>ls node_modules\/plain-crypto-js 2&gt;\/dev\/null &amp;&amp; echo &quot;POTENTIALLY AFFECTED&quot;<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>Note: If package.json is a clean stub, the backdoor Trojan has already run.<\/p>\n\n\n\n<p><strong>Use the command for the corresponding operating system to check whether the backdoor Trojan is present on an affected host:<\/strong><\/p>\n\n\n\n<div class=\"wp-block-group has-cyan-bluish-gray-background-color has-background\"><div class=\"wp-block-group__inner-container is-layout-constrained 
wp-block-group-is-layout-constrained\">\n<p># macOS<br>ls -la \/Library\/Caches\/com.apple.act.mond 2&gt;\/dev\/null &amp;&amp; echo &quot;COMPROMISED&quot;<br><br># Linux<br>ls -la \/tmp\/ld.py 2&gt;\/dev\/null &amp;&amp; echo &quot;COMPROMISED&quot;<br><br># Windows<br>dir &quot;%PROGRAMDATA%\\wt.exe&quot; 2&gt;nul &amp;&amp; echo COMPROMISED<\/p>\n<\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Summary and Recommendations<\/h2>\n\n\n\n<p>This incident has once again sounded the alarm for supply chain security in the front-end ecosystem and open source community. Enterprises must establish a routine open source component security audit mechanism and build a complete supply chain security governance system to prevent such threats.<\/p>\n\n\n\n<p>It is recommended that affected users take the following measures:<\/p>\n\n\n\n<p>1. Immediately downgrade axios to a safe version and force all indirect dependencies of the project to use it:<\/p>\n\n\n\n<div class=\"wp-block-group has-cyan-bluish-gray-background-color has-background\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<p># Safe versions for the two release branches<\/p>\n\n\n\n<p>npm install axios@1.14.0<br>npm install axios@0.30.3<\/p>\n\n\n\n<p># Add overrides and resolutions in package.json<\/p>\n\n\n\n<p>{<br>&nbsp;&quot;dependencies&quot;: { &quot;axios&quot;: &quot;1.14.0&quot; },<br>&nbsp;&quot;overrides&quot;: { &quot;axios&quot;: &quot;1.14.0&quot; },<br>&nbsp;&quot;resolutions&quot;: { &quot;axios&quot;: &quot;1.14.0&quot; }<br>}<\/p>\n<\/div><\/div>\n\n\n\n<p>2. 
Remove plain-crypto-js from node_modules, clear the npm cache, and reinstall dependencies:<\/p>\n\n\n\n<div class=\"wp-block-group has-cyan-bluish-gray-background-color has-background\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<p>rm -rf node_modules\/plain-crypto-js<\/p>\n\n\n\n<p>npm cache clean --force<\/p>\n\n\n\n<p>npm install --ignore-scripts<\/p>\n<\/div><\/div>\n\n\n\n<p>3. Revoke and rotate all npm tokens, SSH keys, cloud account keys, CI\/CD keys, database passwords, and other credentials on the system;<\/p>\n\n\n\n<p>4. Block and investigate malicious IoCs;<\/p>\n\n\n\n<p>5. Implement the principle of least privilege, limit the access scope of CI\/CD tools, and rotate credentials regularly;<\/p>\n\n\n\n<p>6. Establish a routine open source component audit mechanism and add multiple approval steps before release.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">IOCs<\/h2>\n\n\n\n<p><strong>Malicious files<\/strong><\/p>\n\n\n\n<p>File name: axios@1.14.1<\/p>\n\n\n\n<p>SHA1: 2553649f2322049666871cea80a5d0d6adc700ca<\/p>\n\n\n\n<p>File name: axios@0.30.4<\/p>\n\n\n\n<p>SHA1: d6f3f62fd3b9f5432f5782b62d8cfd5247d5ee71<\/p>\n\n\n\n<p>File name: plain-crypto-js@4.2.1<\/p>\n\n\n\n<p>SHA1: 07d889e2dadce6f3910dcbc253317d28ca61c766<\/p>\n\n\n\n<p><strong>Malicious domain name\/IP<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>sfrclak.com<\/li>\n\n\n\n<li>callnrwise.com<\/li>\n\n\n\n<li>142.11.206.73<\/li>\n<\/ul>\n\n\n\n<p><strong>Malicious URL<\/strong><\/p>\n\n\n\n<p>http:\/\/sfrclak.com:8000\/6202033<\/p>\n\n\n\n<p><strong>Malicious email addresses<\/strong><\/p>\n\n\n\n<p>nrwise@proton.me<\/p>\n\n\n\n<p>ifstap@proton.me<\/p>\n\n\n\n<p><strong>Others<\/strong><\/p>\n\n\n\n<p>User-Agent: mozilla\/4.0 (compatible; msie 8.0; windows nt 5.1; trident\/4.0)<\/p>\n\n\n\n<h2 
class=\"wp-block-heading\">Statement<\/h2>\n\n\n\n<p>This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and\/or indirect consequences and losses caused by transmitting and\/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add\/delete any information to\/from it, or use this advisory for commercial purposes without permission from NSFOCUS.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">About NSFOCUS<\/h2>\n\n\n\n<p>NSFOCUS, a pioneering leader in cybersecurity, is dedicated to safeguarding telecommunications, Internet service providers, hosting providers, and enterprises from sophisticated cyberattacks.<\/p>\n\n\n\n<p>Founded in 2000, NSFOCUS operates globally with over 4000 employees at two headquarters in Beijing, China, and Santa Clara, CA, USA, and over 50 offices worldwide. It has a proven track record of protecting over 25% of the Fortune Global 500 companies, including four of the five largest banks and six of the world\u2019s top ten telecommunications companies.<\/p>\n\n\n\n<p>Leveraging technical prowess and innovation, NSFOCUS delivers a comprehensive suite of security solutions, including the Intelligent Security Operations Platform (ISOP) for modern SOC, DDoS Protection, Continuous Threat Exposure Management (CTEM) Service and Web Application and API Protection (WAAP). All the solutions and services are augmented by the Security Large Language Model (SecLLM), ML, patented algorithms and other cutting-edge research achievements developed by NSFOCUS.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview On March 31, NSFOCUS CERT detected that the npm repository of the HTTP client library Axios was poisoned by the supply chain. 
The attacker bypassed the normal GitHub Actions CI\/CD pipeline of the project, changed the account email address of the axios maintainer to an anonymous ProtonMail address, and manually released a malicious version [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":28664,"comment_status":"open","ping_status":"open","sticky":false,"template":"post-templates\/single-layout-8.php","format":"standard","meta":{"_acf_changed":false,"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","footnotes":""},"categories":[3,6],"tags":[2151,2152,552,2153,2154],"class_list":["post-35264","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","category-emergency-response","tag-axios","tag-javascript","tag-node-js","tag-npm","tag-supply-chain-security-2"],"acf":[]}