Axios Supply Chain Attack

Using compromised credentials of a lead maintainer of Axios, an attacker published poisoned packages to npm: axios@1.14.1 and axios@0.30.4. The malicious versions inject a new dependency, plain-crypto-js@4.2.1, which is never imported anywhere in the axios source code.

Together, the two affected packages reach up to 100 million weekly downloads on npm, which means the attack has a huge impact radius across web apps, services, and pipelines.

It is important to note that the affected Axios versions do not appear in the project’s official GitHub tags. This means that the people and projects affected are developers and environments which ran an npm install that resolved to:

  • axios@1.14.1 or axios@0.30.4, or

  • the dependency plain-crypto-js@4.2.1.

Any workflow that installed one of those versions with scripts enabled may have exposed all injected secrets (cloud keys, repo deploy keys, npm tokens, etc.) to an interactive attacker, because the postinstall script (node setup.js), which runs automatically on npm install, downloaded an obfuscated dropper that retrieves a platform-specific RAT payload for macOS, Windows, or Linux.

As someone who uses npm every day, I find this extremely concerning news, and I’m surprised it hasn’t reached many yet (at least no one in my inner dev circle knew about this until I told them).

Have any of you been impacted or compromised by the attack?

2 Likes

It was one of a couple of similar attacks, like LiteLLM and Trivy.

As someone who works in security I can tell you many have been busy with this. I expect some companies will have been badly hit if they did not respond correctly.

It is also my prediction that we will see more and more of these attacks, partly driven by generative AI.

1 Like