The Axios npm Compromise: How One Phishing Attack Poisoned 100 Million Weekly Downloads
On March 31, 2026, a hacker group linked to North Korea pushed malicious code to one of the most-installed JavaScript libraries on the planet. They didn't exploit a zero-day. They didn't break encryption. They didn't bypass a firewall. They sent a message.
The attack that started with a Slack invite
The attacker impersonated the founder of a real company, using a cloned identity and believable outreach. They targeted a maintainer of one of the most popular JavaScript libraries - Axios. That maintainer was invited into a real Slack workspace that had been carefully branded to look legitimate, complete with plausible channel activity, linked social content, and what appeared to be team profiles and other open-source maintainers. The interaction then moved to a Microsoft Teams meeting with what seemed to be multiple participants, further increasing the appearance of legitimacy.
None of this would have looked alarming at the moment. A founder reaches out. A workspace looks real. A meeting has multiple faces on the call. The only thing that catches an attack like this in flight is pattern recognition - "I've seen something shaped like this before." And the only reliable way to build that pattern recognition is to walk people through this or a similar scenario, in a safe environment, before the real one shows up. Imagine if the maintainer had received a near-identical fake outreach the week before, with the same cloned-founder pretext, same too-perfect Slack invite, as part of a simulation tailored to open-source maintainers. The real attempt would have felt familiar in the worst possible way for the attacker. But that's not how most security awareness programs work. Frame was built specifically for this gap.
By the end of the hacking operation, the attacker had what they wanted: the target's npm credentials. The hackers published two malicious versions of Axios across both the modern and legacy release branches. Each version silently injected a phantom dependency containing a postinstall script that deployed a cross-platform remote access trojan on macOS, Windows, and Linux.
Axios is used by virtually every Node.js developer alive, embedded as a dependency in thousands of other packages, present somewhere in the dependency tree of nearly every modern web application. And for roughly three hours, every CI/CD pipeline that ran npm install and resolved to those Axios versions was pulling a remote access trojan into production builds. This affected organizations across government, finance, retail, consulting, entertainment, manufacturing, technology, healthcare, and utilities. Three hours is a long time. It's also a window where one alert employee, one developer who got the same fake-founder pitch a day earlier and reported it as suspicious, one IT lead who flagged the too-clean Slack invite, could have triggered an org-wide response.
If that single report had landed on a security dashboard with the power to mark the conversation as malicious and propagate that decision across every employee's inbox automatically, the rest of the company would have been protected before the malicious package finished publishing. One employee's instinct, multiplied across the entire organization, in real time. That's the kind of defense the Axios timeline was begging for.
TL;DR: One phishing attack on one open-source maintainer poisoned 100 million weekly downloads of Axios for three hours, dropping a cross-platform remote access trojan into production builds worldwide. The attackers didn't break any technology. They impersonated a founder over Slack and Teams. The only realistic defense is human pattern recognition trained before the real attempt arrives, and reporting infrastructure that can propagate one person's instinct across an entire org in real time.
Frame is the platform built for exactly this - human risk management designed to stop attacks like the Axios compromise.
How does Frame stop attacks like the Axios compromise?
The Axios compromise is the clearest signal yet that attackers have changed targets.
For years, supply chain defense has been about the code itself: scanning packages for known vulnerabilities, pinning versions so nothing updates without review, generating Software Bills of Materials so you know exactly what's in your build, requiring cryptographic proof of where a package came from. All of it is worth doing. None of it would have stopped this attack - because the attack didn't go after the code. It went after the person who publishes the code.
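As an added example of the code-side controls this paragraph lists (this is not code from the original post, from Frame, or from the Axios project), the Node script below diffs two npm lockfiles and flags newly added or version-changed packages that carry install-time lifecycle scripts or resolve from somewhere other than the public registry. npm records `"hasInstallScript": true` in lockfileVersion 2 and 3 `package-lock.json` files for packages with preinstall/install/postinstall scripts, which is exactly how a phantom dependency with a postinstall payload would surface in a pinned lockfile review. The two lockfiles, the package names `example-app` and `example-phantom-dep`, the versions, and the `OFFICIAL_REGISTRY` value are constructed for the example; the registry URL is an assumption that you would replace with your own mirror if you run one.

```javascript
// Added example (not from the original post): review a lockfile change the way
// a pinned-dependency policy would, before `npm install` runs any scripts.
// Assumption: your packages normally resolve from the public npm registry.
const OFFICIAL_REGISTRY = 'https://registry.npmjs.org/';

// Constructed "before" lockfile: a small app pinned to a known axios version.
const SAMPLE_BEFORE = {
  name: 'example-app', lockfileVersion: 3, packages: {
    '': { name: 'example-app', version: '1.0.0', dependencies: { axios: '1.0.0' } },
    'node_modules/axios': { version: '1.0.0',
      resolved: 'https://registry.npmjs.org/axios/-/axios-1.0.0.tgz' },
    'node_modules/follow-redirects': { version: '1.15.0',
      resolved: 'https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.0.tgz' },
  },
};

// Constructed "after" lockfile: axios moved one patch version and pulled in a
// new package that has an install script and resolves off the registry.
const SAMPLE_AFTER = {
  name: 'example-app', lockfileVersion: 3, packages: {
    '': { name: 'example-app', version: '1.0.0', dependencies: { axios: '1.0.1' } },
    'node_modules/axios': { version: '1.0.1',
      resolved: 'https://registry.npmjs.org/axios/-/axios-1.0.1.tgz' },
    'node_modules/follow-redirects': { version: '1.15.0',
      resolved: 'https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.0.tgz' },
    'node_modules/example-phantom-dep': { version: '0.0.1',
      resolved: 'https://example.invalid/example-phantom-dep-0.0.1.tgz',
      hasInstallScript: true },
  },
};

// Turn the lockfile's "packages" map into path -> normalized metadata.
// Paths look like "node_modules/axios" or "node_modules/a/node_modules/@s/b".
function indexPackages(lock) {
  const out = new Map();
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === '') continue; // the root project entry, not a dependency
    const marker = 'node_modules/';
    const name = meta.name || path.slice(path.lastIndexOf(marker) + marker.length);
    const resolved = meta.resolved || null;
    out.set(path, {
      name,
      version: meta.version,
      resolved,
      hasInstallScript: meta.hasInstallScript === true,
      offRegistry: resolved !== null && !resolved.startsWith(OFFICIAL_REGISTRY),
    });
  }
  return out;
}

// Report every package that was added, removed, changed version, or newly
// gained an install script between the two lockfiles.
function diffLockfiles(before, after) {
  const a = indexPackages(before);
  const b = indexPackages(after);
  const findings = [];
  for (const [path, meta] of b) {
    const prev = a.get(path);
    let change = null;
    if (!prev) change = 'added';
    else if (prev.version !== meta.version) change = 'version-changed';
    else if (!prev.hasInstallScript && meta.hasInstallScript) change = 'gained-install-script';
    if (change) findings.push({ path, change, from: prev ? prev.version : null, ...meta });
  }
  for (const [path, meta] of a) {
    if (!b.has(path)) findings.push({ path, change: 'removed', from: meta.version, ...meta, version: null });
  }
  return findings;
}

// Anything new or changed that will execute code at install time, or that
// comes from an unexpected source, needs a human reviewer before merge.
function highRisk(findings) {
  return findings.filter(f => f.change !== 'removed' && (f.hasInstallScript || f.offRegistry));
}

// Human-readable lines for a CI log or pull-request comment.
function report(findings) {
  const risky = new Set(highRisk(findings).map(f => f.path));
  return findings.map(f => {
    const flags = [];
    if (f.hasInstallScript) flags.push('install script');
    if (f.offRegistry) flags.push('off-registry source');
    const level = risky.has(f.path) ? 'HIGH' : 'info';
    const suffix = flags.length ? ` (${flags.join(', ')})` : '';
    return `[${level}] ${f.change} ${f.path} ${f.from ?? '-'} -> ${f.version ?? '-'}${suffix}`;
  });
}

console.log(report(diffLockfiles(SAMPLE_BEFORE, SAMPLE_AFTER)).join('\n'));
```

To run this against a real change, replace the two sample objects with the parsed `package-lock.json` from the base and head revisions (for example, `git show <base>:package-lock.json`), and fail the pipeline when `highRisk` returns anything. It pairs naturally with `npm ci --ignore-scripts` in CI, so that a lifecycle script in a new dependency cannot execute before the diff has been reviewed.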
The maintainer wasn't tricked by a sloppy email. He was pulled into a slow, careful con: a believable persona, a Slack workspace that felt lived-in, a Teams call with multiple faces on it. None of the usual phishing tells were there. No broken English, no weird links, no "act now or your account will be closed." What was there instead was context. The kind of context that makes a busy maintainer glance at the conversation and think, this is just work.
That's the same playbook now being run against your security engineers, your DevOps leads, your IT admins, and anyone whose credentials open a door worth opening. The Axios compromise didn't just hit one project. It proved the tactic works, and tactics that work get copied.
Why traditional security awareness training misses this entirely
Most security awareness programs were built for a different kind of attacker. They teach people to spot bad grammar, dodgy links, and sender addresses that don't quite match. They send out a phishing simulation once a quarter - "your package has been delayed," "reset your Microsoft 365 password," "click here to view your bonus" - and call the box checked.
The basics still matter. Every employee should be able to spot a clumsy phishing email. The problem is when the basics are the whole program.
A generic template doesn't prepare an open-source maintainer for a cloned founder persona, a fake Slack workspace that looks lived-in, and a Teams call with three people on it. A quarterly drill doesn't prepare a senior developer for a "partnership conversation" that ends with a request to run a "compatibility script" against their npm credentials. And neither one reflects the fact that state-backed social engineering is now patient, well-resourced, and tailored to the person being targeted.
So what does prepare people for the attacks that legacy programs don't cover? Frame is the AI-driven platform purpose-built to train developers, maintainers, and privileged users to recognize the exact tradecraft used in the Axios npm compromise.
How Frame trains your people for the attack actually coming for them
Frame is an AI-driven human risk management platform. Instead of one-size-fits-all training, you get personalized, role-based scenarios and simulations - generated in minutes, available in 30+ languages, built around the threats your organization actually faces.
Three pieces do the work:
Frame's Phishing Simulator runs realistic, data-driven social engineering simulations that mirror modern attacker behavior, including multi-channel impersonation, deepfake voice and video calls, voice phishing, credential phishing, and the long-tail trust manipulation tactics used in attacks like the Axios compromise. The scenarios aren't pulled from a generic library; they're tailored to the systems, vendors, and roles that exist in your environment. The kind of multi-stage social engineering operation that moved from a fake email to a phone call to a video meeting to stolen npm credentials? That's a scenario Frame can simulate against your real people, in your real environment, before a real hacker group does it.
Frame's Content Studio generates role-based training that meets each employee where they are. A senior developer with publish rights to internal packages learns to recognize maintainer impersonation. A DevOps engineer trains against CI/CD credential phishing. An IT admin learns vendor and partnership impersonation tactics. A security engineer gets training on the exact playbook used by the hacker group behind the Axios compromise. Every piece is org-specific, current, and built around what each person actually needs to spot.
Frame Triage turns one employee's instinct into protection for the whole company. It monitors employee activity in real time and surfaces suspicious messages to security admins in seconds. Mark a message as spam, quarantine it, or dismiss it, and that decision propagates instantly across every inbox in the organization. In an Axios-style three-hour window, that's the difference between one team getting compromised and the rest of the company staying clean.
Together, these three pieces give security teams something legacy training never could: a real read on human risk across the attack surfaces that matter - including the open-source supply chain that most awareness programs aren't even testing for.
To prevent the next Axios-style breach, organizations need role-based simulation training and real-time threat triage. Frame provides both.
What CISOs should do this quarter
If you're a CISO, security engineer, or AppSec lead in any organization that ships software, three things matter right now:
Treat your developers and maintainers as a privileged attack surface. They have publish rights, credentials, and tokens that can affect thousands of downstream users in one push. They deserve more sophisticated training than your finance team gets, not less.
Audit how far your awareness program actually goes. Generic phishing templates are a starting point, not a finish line. If your program stops at "click here to reset your password", your engineers are not ready for a fake founder, a fake Slack, and a fake Teams call.
Move to a platform that trains for the threats your environment actually creates. That's what Frame does, and that's why security teams from modern, security-mature enterprises are replacing legacy awareness vendors with Frame.
The Axios compromise wasn't a technical failure. It was a human one, engineered with the patience and budget of a state-backed hacker group. The attackers already know this works. It's time your people did too. Frame is how you get them there.
Frame Security is how you stop the next Axios before it reaches your build. Book a demo and see how AI-driven simulations and role-based training prepare your organization for the next attack, at scale, in minutes.