Axios compromise traced to social engineering, showing how attacks on maintainers can bypass controls and expose the broader software supply chain.

Socket

Two malicious versions of Axios were briefly published to npm on March 31 after a social engineering attack compromised maintainer Jason Saayman's machine. The attacker posed as a legitimate company, gained access to his device, hijacked browser sessions and cookies, and used his own credentials to publish a remote access trojan targeting macOS, Windows, and Linux. Because the attacker operated with the maintainer's real access, protections like 2FA and OIDC-based publishing offered no defense. The incident highlights the systemic vulnerability of the open source ecosystem: widely used packages often depend on solo maintainers who face sophisticated attacks without institutional support, making maintainers themselves a critical and underprotected layer of the software supply chain.

Axios Maintainer Confirms Social Engineering Attack Behind n...

The Burden on Solo Maintainers as Supply Chain Targets #