Axios npm package versions 1.14.1 and 0.30.4 were trojanized with a remote access trojan prior to registry publication by DPRK-affiliated actors as part of a broader technology sector targeting campaign. Axios is one of the most widely deployed HTTP client libraries in the JavaScript ecosystem; any project resolving these exact versions from the npm registry during their availability window should be treated as having pulled and executed malicious code at install time.