⚠
THE EXACT ATTACK FROM MARCH 31, 2026North Korean state actors hijacked the axios npm account. 70M weekly downloads. The malicious package was live for 3 hours — npm audit, Snyk, and Dependabot all missed it.
attack window
03:00:00
interactive demo · no account required
See Preflight catch it.
We've pre-loaded the actual payload from the incident. Click Run analysis and watch four independent signals fire in real time, ending in a Gemini-synthesised verdict.
↑ click RUN PREFLIGHT ANALYSIS to begin · execution takes ≈2.8 seconds · no GitHub account required