Source: Socket
A supply chain attack compromised Axios, a widely-used HTTP client library with 100 million weekly npm downloads, by introducing a malicious dependency that deployed a multi-stage payload. This attack matters because Axios's ubiquity in the Node.js ecosystem means the compromised package could have affected hundreds of thousands of downstream applications and services.