DPRK-affiliated actors compromised the Axios npm package by hijacking a maintainer account, injecting a RAT into versions v1.14.1 and v0.30.4. Any organization whose CI/CD pipelines or development environments installed those specific versions may have an active RAT on build infrastructure. No CVE has been assigned — the vector was account hijacking, not a software vulnerability. Safe versions are any release other than v1.14.1 and v0.30.4; verify via lockfile hash.