Hero image for: Axios npm Compromise (Briefing): Malicious 1.14.1 / 0.30.4 and RAT Chain

Security

Axios npm Compromise (Briefing): Malicious 1.14.1 / 0.30.4 and RAT Chain

Edited by SignalStack · Corrections

TLDR

SignalStack Tech Report · March 31, 2026 · Security / Supply Chain

Why this briefing exists: same incident as our full Axios npm analysis—this page is a short entry point for readers who land on the alternate slug. Use the long article for Key details, The SignalStack angle (including OIDC vs manual publish), and numbered response steps.

Axios, one of the most widely used JavaScript HTTP clients, was compromised on npm through malicious releases 1.14.1 and 0.30.4. Attackers hijacked a primary maintainer account and manually published packages that introduced a fake dependency, per incident analysis, plain-crypto-js@4.2.1, as a RAT dropper.

The payload chain targeted macOS, Windows, and Linux and used anti-forensics (self-delete and decoy metadata swap), which made quick detection harder.

Malicious Code Injection
Malicious Code Injection

What happened

On March 30, 2026, malicious Axios versions were published to npm: axios@1.14.1 and axios@0.30.4.

According to incident reporting, the attacker compromised a primary maintainer npm account, changed account details, and bypassed the normal trusted publishing flow by using manual CLI publication.

The malicious releases added dependency plain-crypto-js@4.2.1. It was not needed for Axios functionality; its post-install logic behaved as a cross-platform RAT dropper.

The reported chain contacted an external C2 endpoint and attempted to fetch platform-specific second-stage payloads. The package then used anti-forensics behavior, including self-removal and replacing package metadata with a clean decoy.

Why it matters

Axios has massive downstream usage. A short-lived compromise can still produce a large blast radius across CI pipelines, developer machines, and production build environments.

This incident also shows a recurring supply-chain pattern: trusted maintainer identity is often a higher-value target than repository code quality. Even mature projects can be abused if account controls fail.

For security teams, the main lesson is operational: treat package manager installs as execution surfaces, not passive downloads. Dependency install time is an active attack window.

Key details at a glance

  • Bad versions: axios@1.14.1, axios@0.30.4 (removed after discovery).
  • Injected dependency: plain-crypto-js@4.2.1 (phantom dependency; postinstall RAT dropper).
  • Platforms: macOS, Windows, Linux second-stage payloads.
  • Detection clue: Legitimate releases often follow trusted automation; malicious versions were manually published.
  • Safe lines (examples): axios@1.14.0, axios@0.30.3 after verification—see vendor and registry sources.
Developer Facing Threat
Developer Facing Threat

If you were affected

Downgrade or pin Axios immediately to known-safe versions (1.14.0 / 0.30.3 or newer verified safe releases).

Search dependency trees and build logs for plain-crypto-js and investigate any install-time script execution during the affected window.

Rotate credentials potentially exposed on affected hosts (npm tokens, cloud keys, CI secrets, SSH keys, API keys).

For high-confidence recovery, rebuild impacted environments from known-good images rather than relying only on file cleanup.

Tighten guardrails: enforce lockfiles, reduce install script exposure in CI where feasible, and alert on unusual publishing/signing patterns in critical dependencies.

What to watch next

  1. npm and ecosystem hardening — Maintainer account controls, anomalous release detection, trust attestation.
  2. Dependency runtime monitoring — Stricter CI around install-time scripts.
  3. Attribution updates — Actor capability and intent shaping defensive priority.
  4. Full analysis — See the main SignalStack article for The SignalStack angle and Microsoft / Sapphire Sleet reporting.

The SignalStack angle

This slug is a briefing: the full editorial take—OIDC vs manual token, phantom dependencies, and Sapphire Sleet attribution—lives in the primary axios incident article. Do not use this page alone as your IR runbook.

Disclaimer: Not legal or incident-response advice; verify versions from official sources.

FAQ

Q What is Axios and why is its compromise significant?

A Axios is a widely used JavaScript HTTP client in browser and Node.js projects. Its popularity makes any compromise high impact because many downstream systems inherit risk quickly.

Q How can I quickly check potential exposure?

A First verify whether axios@1.14.1 or axios@0.30.4 was installed. Then check lockfiles, CI logs, and node_modules history for plain-crypto-js during the same period.

Q Is rollback enough?

A Not always. If installation occurred on sensitive systems, treat it as possible host compromise: isolate, investigate, rotate credentials, and rebuild from known-good baselines when needed.

Q Why is this considered a supply-chain attack?

A The attacker compromised a trusted upstream dependency path. Consumers were targeted indirectly through normal package installation workflows.

Q What should teams improve long term?

A Combine dependency pinning, release anomaly monitoring, least-privilege token policies, and CI controls for install-time script execution.

Keep reading

More stories from SignalStack

Back to top