Descriptions:
NetworkChuck breaks down a sophisticated supply chain attack targeting Axios, the JavaScript HTTP library used in over 174,000 projects and downloaded more than 100 million times weekly. The attack, which unfolded on March 31, 2026, began when an attacker stole a long-lived npm access token belonging to lead maintainer Jason Saayman, then used that access to add a single malicious dependency — ‘plain-crypto.js’ — to the package.json without touching any of Axios’s 86 source files.
The injected package executed a post-install script that deployed a platform-specific remote access Trojan (RAT) in under 1.1 seconds, then erased all traces of itself by deleting its setup files and swapping in a pre-staged clean package.json that had been uploaded 18 hours earlier. Two release branches — versions 1.14.1 and 0.30.4 — were poisoned within 39 minutes of each other, meaning any project using caret-range versioning would silently pull the compromised code during routine npm installs or automated CI/CD runs. The security firm Socket (socket.dev) was the first to identify the attack.
The video walks viewers through terminal commands to check whether their system has the affected Axios version installed, whether the RAT payload is present on Mac, Windows, or Linux, and whether outbound connections to the attacker’s command-and-control server occurred. NetworkChuck also explains why supply chain attacks are structurally harder to defend against than direct compromises, using an accessible analogy about poisoning a water supply rather than a single cup of coffee.
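One offline way to run the version and dependency checks described above, as an added example rather than NetworkChuck's own commands: it reads a project's package.json and package-lock.json, flags floating (caret/tilde) ranges on axios, the two compromised releases, and the injected plain-crypto.js dependency. The project layout and the constructed sample data are assumptions; the RAT file locations and the C2 address are not given on this page, so they are not checked here.

```python
import json
import os
import tempfile

# Values from the write-up above; the layout (package.json plus a lockfileVersion 2/3
# package-lock.json) and all sample data below are assumptions for the demo.
COMPROMISED_AXIOS_VERSIONS = {"1.14.1", "0.30.4"}
INJECTED_DEPENDENCY = "plain-crypto.js"


def audit_project(project_dir):
    """Offline check of one npm project; returns a list of finding strings."""
    findings = []
    with open(os.path.join(project_dir, "package.json")) as f:
        pkg = json.load(f)
    # A floating range on axios is what lets a poisoned release arrive silently.
    for section in ("dependencies", "devDependencies"):
        spec = pkg.get(section, {}).get("axios")
        if spec and spec[0] in "^~":
            findings.append(f"{section}: axios range {spec!r} floats; pin and verify the lockfile")
    lock_path = os.path.join(project_dir, "package-lock.json")
    if not os.path.exists(lock_path):
        return findings + ["no package-lock.json: resolved versions cannot be verified"]
    with open(lock_path) as f:
        lock = json.load(f)
    # The lockfile records what was actually resolved, including transitive deps.
    for path, entry in lock.get("packages", {}).items():
        name = path.rsplit("node_modules/", 1)[-1] if path else entry.get("name", "")
        version = entry.get("version", "")
        if name == "axios" and version in COMPROMISED_AXIOS_VERSIONS:
            findings.append(f"{path}: axios {version} is a known-compromised release")
        if name == INJECTED_DEPENDENCY:
            findings.append(f"{path}: injected package {INJECTED_DEPENDENCY} is installed")
        if INJECTED_DEPENDENCY in entry.get("dependencies", {}):
            findings.append(f"{path}: declares {INJECTED_DEPENDENCY} as a dependency")
    return findings


def make_sample_project(clean=False):
    """Write a constructed demo project to a temp dir and return its path."""
    d = tempfile.mkdtemp()
    axios_ver = "1.0.0" if clean else "1.14.1"  # the clean version is made up
    pkg = {"name": "demo-app", "dependencies": {"axios": axios_ver if clean else "^1.14.0"}}
    axios_entry = {"version": axios_ver, "dependencies": {} if clean else {INJECTED_DEPENDENCY: "^1.0.0"}}
    lock = {"name": "demo-app", "lockfileVersion": 3,
            "packages": {"": pkg, "node_modules/axios": axios_entry}}
    if not clean:
        lock["packages"]["node_modules/" + INJECTED_DEPENDENCY] = {"version": "1.0.0"}
    for fname, data in (("package.json", pkg), ("package-lock.json", lock)):
        with open(os.path.join(d, fname), "w") as f:
            json.dump(data, f)
    return d
```

Run `audit_project(".")` from a project root; an empty list means none of the three indicators was found in the manifests, which does not by itself rule out an already-executed post-install payload.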
📺 Source: NetworkChuck · Published March 31, 2026
🏷️ Format: News Analysis