If you installed or updated Claude Code via npm on March 31, 2026, between 00:21 and 03:29 UTC, you may have inadvertently pulled in a malicious version of axios (1.14.1 or 0.30.4) that contains a Remote Access Trojan (RAT). You should immediately search your project lockfiles (package-lock.json, yarn.lock, or bun.lockb) for these specific versions or the dependency plain-crypto-js. If found, treat the host machine as fully compromised, rotate all secrets, and perform a clean OS reinstallation.
Lol 😂
This is because of an unrelated hack on npm’s latest build. Anyone with this version of npm is affected.
That axios supply chain attack was a bitch. There were extensions compromised from that shit.
It's bad advice too, because the malware removed itself from those files to remove traces of itself.