⚠️ Critical Alert: axios 1.14.1 and 0.30.4 are maliciously compromised releases published through a hijacked maintainer account. This is an active supply chain attack. Here is everything you need to know and do right now.
What Happened
On March 31, 2026, an unknown attacker compromised the GitHub and npm accounts of the main developer of Axios and published npm packages backdoored with a malicious dependency that triggered the installation of droppers and remote access trojans.
The attacker compromised the jasonsaayman npm account (the primary maintainer of the axios project) and changed the account's registered email to an attacker-controlled ProtonMail address. Using this access, they published malicious builds on both the 1.x and 0.x release branches simultaneously, maximizing the number of projects exposed.
The malicious versions (1.14.1 and 0.30.4) were removed from npm by 03:29 UTC, but during the window in which they were live, anyone whose CI/CD pipeline, developer environment, or build system pulled a fresh install could have been compromised without a single line of Axios's own code being changed in their repository.
How the Attack Works
Both malicious releases declare a specific version of plain-crypto-js as a runtime dependency. When a developer runs `npm install axios@1.14.1` (or any version range that resolves to it), npm resolves the dependency tree and installs that plain-crypto-js version automatically. npm then executes plain-crypto-js's postinstall lifecycle script, which launches the dropper (setup.js). Nothing in the axios package itself has to look suspicious; the payload rides in on a dependency.
The dropper contacts a live command-and-control server, retrieves separate second-stage payloads for macOS, Windows, and Linux, then erases itself and replaces its own package.json with a clean decoy. A developer who inspects node_modules after the fact therefore sees no setup.js and a harmless-looking manifest; the mere presence of the plain-crypto-js directory is the indicator.
The attack uses three parallel implementations of the same RAT: PowerShell for Windows, compiled C++ for macOS, and Python for Linux. All three share an identical C2 protocol, command set, message format, and operational behavior.
Step 1: Determine If You Are Affected
You are potentially affected if:
- You ran `npm install` (or `npm update`) between ~00:21 UTC and 03:29 UTC on March 31, 2026, and
- Your lockfile was not pinned to a safe prior version.
Check for these indicators of compromise:
- `plain-crypto-js` in `node_modules`: its presence means the malicious axios release was installed, and unless lifecycle scripts were disabled, the dropper ran. Do not expect to find setup.js; the dropper deletes it.
- macOS: `/Library/Caches/com.apple.act.mond`
- Windows: `%PROGRAMDATA%\wt.exe`
- Linux: `/tmp/ld.py`
You can also check which axios version your lockfile currently resolves to, and whether plain-crypto-js appears anywhere in it (the line after each match carries the resolved version in lockfile v1, v2 and v3 layouts):
```shell
grep -nE -A1 '"(node_modules/)?(axios|plain-crypto-js)"' package-lock.json
```
A lockfile that resolves axios to 1.14.1 or 0.30.4, or that contains plain-crypto-js at all, means the compromised release was installed at some point and the host checks above must be run.
Step 2: If You ARE Compromised
If a RAT artifact is found, treat the system as fully compromised. Do not attempt to clean it in place; rebuild from a known-good image.
First, isolate the machine from the network to cut off any ongoing C2 communication (the C2 endpoint is sfrclak.com:8000; block it at egress for the rest of the fleet as well).
Then rotate every credential that was present on, or reachable from, the system while the malicious package ran: npm tokens, AWS access keys, SSH private keys, cloud credentials (GCP, Azure), CI/CD secrets, and any values in .env files accessible at install time. Perform the rotation from a clean machine, not from the compromised one.
Step 3: Remediate (Whether Compromised or Not)
Revert to the last known safe version immediately:
```shell
npm install axios@<last-safe-version>
```
where `<last-safe-version>` is the last known safe 1.x release for 1.x users, or the last known safe 0.x release for 0.x users. Afterwards confirm that plain-crypto-js no longer appears in your lockfile or node_modules.
Pin axios to a known safe version in your package.json. Commit your lockfile and ensure CI uses `npm ci` (not `npm install`) so that builds fail rather than silently resolving a new version when package.json and the lockfile disagree. Note that `npm ci` still runs lifecycle scripts, so it does not by itself block a postinstall dropper. Also consider adding plain-crypto-js to a blocklist in your package manager or security tooling.
Step 4: Harden Against Future Attacks
Consider enabling `--ignore-scripts` for npm installs in CI environments where lifecycle hooks are not needed:
```shell
npm install --ignore-scripts
npm ci --ignore-scripts
```
This prevents postinstall scripts from running at all, which would have blocked this attack vector even with the compromised version installed. Be aware that it breaks packages that legitimately need a post-install step (native addons, for example); those must then be built explicitly in a separate, reviewed step.
Additional hardening steps:
- Audit your dependencies regularly with `npm audit` or tools like Snyk.
- Never use floating version ranges (e.g., `^1.14.0`) in production; pin exact versions. Pinning in package.json only covers direct dependencies, so the committed lockfile remains what actually fixes transitive versions such as plain-crypto-js.
- Monitor outbound network connections from your CI/CD runners for unexpected domains.
- Rotate long-lived npm tokens: this attack exploited a long-lived `NPM_TOKEN` that bypassed MFA.
Quick Reference Summary
| Item | Detail |
|---|---|
| Affected versions | axios@1.14.1, axios@0.30.4 |
| Safe versions | The last known safe 1.x release (1.x users) and the last known safe 0.x release (0.x users) |
| Malicious dependency | plain-crypto-js (a specific version, declared as a runtime dependency of the affected releases) |
| Attack type | Supply chain / RAT dropper |
| C2 domain | sfrclak.com:8000 |
| Exposure window | 00:21–03:29 UTC, March 31, 2026 |
If there is any doubt whether your environment was affected, treat it as compromised and rotate all credentials. Because install-to-compromise took roughly 15 seconds, there is no safe way to be certain without a full audit of every host that installed during the exposure window.
