Axios npm Package Briefly Compromised, Exposing Millions of Developer Systems to RAT
Attackers hijacked the npm account of axios's lead maintainer and briefly published two backdoored releases that installed a cross-platform RAT on developer machines worldwide.

A coordinated supply-chain attack against the axios JavaScript library turned one of the most trusted packages in software development into a delivery mechanism for a cross-platform remote access trojan, exposing tens of millions of automated build systems, developer machines and enterprise pipelines worldwide on March 31.
The attacker gained access to the npm credentials of jasonsaayman, the primary axios maintainer, and changed the account's registered email address to an anonymous ProtonMail address before manually publishing two backdoored releases: axios@1.14.1, tagged as the latest version, and axios@0.30.4, tagged as a legacy release. With over 100 million weekly downloads spanning frontend frameworks, backend services, mobile apps and enterprise tooling, axios is among the most ubiquitous packages in the JavaScript ecosystem; the two poisoned versions sat in the registry during a window when automated pipelines routinely fetch the latest tagged release without human review.
Neither backdoored version contained malicious code within axios itself. Instead, the attacker added a single new dependency to each package manifest: plain-crypto-js@4.2.1, a purpose-built trojan disguised as the legitimate crypto-js library, complete with matching description, author name and repository URL. The package was never imported anywhere in axios source code. Its only function, as StepSecurity researcher Ashish Kurmi described it, was to "execute a postinstall script that acts as a cross-platform remote access trojan (RAT) dropper, targeting macOS, Windows, and Linux." The dropper contacted a live command-and-control server, downloaded a platform-specific payload and then destroyed evidence of its own execution.
The operation was staged approximately 18 hours in advance. An attacker-controlled npm account published a clean decoy version of plain-crypto-js at 05:57 UTC on March 30 to establish publishing history before the malicious payload version followed at 23:59 UTC. The compromised axios account published axios@1.14.1 at 00:21 UTC on March 31 and axios@0.30.4 at 01:00 UTC. Socket's automated malware detection flagged the package within six minutes of publication. What made the attack particularly dangerous post-infection was its invisibility: any inspection of the node_modules directory after install would show a completely clean manifest with no postinstall script, no setup.js file and no trace that anything malicious had ever run. Standard tools like npm audit could not detect the compromise after the fact.

Security teams at Huntress, Snyk, Socket and StepSecurity published emergency guidance within hours. Huntress advised organizations to treat any system that installed axios@1.14.1 or axios@0.30.4 as fully compromised and to rebuild from a known-good state rather than attempting in-place cleanup. Rotating all credentials accessible during build time, including npm tokens, cloud service keys and any secrets stored in CI/CD environment variables, was emphasized across every remediation guide. CI/CD pipelines that perform fresh installs without pinned lockfiles were identified as the most exposed, since such configurations would have fetched the malicious latest-tagged release automatically.
The incident is tracked under GHSA-fw8c-xr5c-95f9 and MAL-2026-2306. Audit CI/CD build logs for the March 31 UTC window, scan lockfiles for either affected version, and confirm plain-crypto-js@4.2.1 was never installed. The setup.js dropper used two layers of string obfuscation, including reversed base64, indicating the attacker anticipated forensic inspection and optimized for persistence over speed.
The attack drew direct comparisons to SolarWinds and renewed calls for mandatory multi-factor authentication on package registry publisher accounts, signed packages with verifiable provenance, and software bills of materials that let organizations trace exactly which dependency code executed in any given build. For organizations running JavaScript at scale, the axios compromise is the clearest recent evidence that an unpinned dependency is an open door.