TL;DR
On March 31, 2026, attackers compromised the primary maintainer’s npm account for Axios, the most popular JavaScript HTTP client with 83 million weekly downloads. They published malicious versions (1.14.1 and 0.30.4) containing a cross-platform RAT that steals credentials, SSH keys, and cloud tokens from developer machines. Downgrade to Axios 1.14.0 immediately, rotate all secrets, and scan for indicators of compromise on your system.
Introduction
Axios processes more HTTP requests than any other JavaScript library. If you’ve built an API client, tested endpoints, or connected a frontend to a backend in the last five years, you’ve probably used it.
On March 31, 2026, at 00:21 UTC, a threat actor published Axios version 1.14.1 through a hijacked maintainer account. The package looked identical to the legitimate release. The diff was surgical: only package.json changed across 86 files. But that single file injected a phantom dependency called plain-crypto-js that deployed a remote access trojan to every machine running npm install.
The malicious versions stayed live for roughly two to three hours before npm pulled them. Two to three hours across 83 million weekly downloads.
💡 Note: If you’re building or testing APIs, this attack targeted your toolchain directly. Apidog’s built-in HTTP client eliminates the need for third-party HTTP libraries in your API testing workflow, removing this entire attack surface. Download Apidog free to follow along with the security audit steps below.
This article breaks down how the attack worked, how to detect if your systems are compromised, and what API teams should change about their dependency management going forward.
How the Axios supply chain attack unfolded
The timeline
Here’s the attacker’s sequence:
- March 30, 05:57 UTC: Published clean decoy package `plain-crypto-js@4.2.0` to npm.
- March 30, 23:59 UTC: Published malicious `plain-crypto-js@4.2.1` with a `postinstall` hook dropper.
- March 31, 00:21 UTC: Released `axios@1.14.1` using the compromised account.
- March 31, 01:00 UTC: Released `axios@0.30.4`, targeting projects pinned to 0.x.
- March 31, ~03:15 UTC: npm unpublished both Axios versions after reports.
- March 31, 04:26 UTC: npm published a security-holder stub for `plain-crypto-js`.
How the account was compromised
- The attacker took over the `jasonsaayman` npm account (primary Axios maintainer).
- They changed the registered email and used stolen long-lived npm access tokens.
- Legitimate Axios releases use GitHub Actions with npm’s OIDC Trusted Publisher mechanism; the malicious versions lacked this.
- No `gitHead` field meant no corresponding GitHub commits.
Actionable tip:
If your org publishes npm packages, automate checks for OIDC binding and CI/CD provenance on releases.
The dependency injection technique
- Only `package.json` was changed: it added `plain-crypto-js@^4.2.1` as a runtime dependency.
- This package wasn't imported by Axios and existed only to trigger its `postinstall` hook during `npm install`.
- Binary analysis: only `package.json` differed between 1.14.0 (clean) and 1.14.1 (compromised).
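As an added example (not code from the article or from the Axios project), the script below implements the check this section implies: diff the dependency maps of two versions of a manifest and flag any added dependency that the package's own source never imports, which is exactly the profile of a dependency that exists only to run its install scripts. The two manifests and the source-file map are constructed stand-ins, not the real Axios contents.

```javascript
// Added example (not code from the article or from the Axios project). Compares the
// dependency map of two versions of a package manifest, reports every added or changed
// dependency, and notes whether the package's own source ever imports it. A new
// dependency nothing imports is a "phantom dependency": its only effect is to run its
// install scripts. The manifests and source map below are constructed stand-ins.

const DEP_FIELDS = ["dependencies", "optionalDependencies", "peerDependencies"];

// Every dependency npm would install for this manifest, as { name: specifier }.
function runtimeDeps(manifest) {
  const deps = {};
  for (const field of DEP_FIELDS) Object.assign(deps, manifest[field] || {});
  return deps;
}

// True if any source file requires/imports the package (bare name or a subpath).
function isImported(name, sourceFiles) {
  const escaped = name.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
  const re = new RegExp(
    `(?:require\\s*\\(|import\\s*\\(|from\\s+|import\\s+)\\s*['"]${escaped}(?:/[^'"]*)?['"]`
  );
  return Object.values(sourceFiles).some((src) => re.test(src));
}

// One record per added or changed dependency: { name, spec, status, imported }.
function findPhantomDeps(oldManifest, newManifest, sourceFiles) {
  const before = runtimeDeps(oldManifest);
  const after = runtimeDeps(newManifest);
  const report = [];
  for (const [name, spec] of Object.entries(after)) {
    if (before[name] === spec) continue; // unchanged between the two versions
    const status = name in before ? "changed" : "added";
    report.push({ name, spec, status, imported: isImported(name, sourceFiles) });
  }
  return report;
}

// Constructed sample: the tampered manifest adds one dependency that no source file uses.
const CLEAN_MANIFEST = { name: "http-lib", version: "1.14.0",
  dependencies: { "follow-redirects": "^1.15.0", "form-data": "^4.0.0" } };
const TAMPERED_MANIFEST = { name: "http-lib", version: "1.14.1",
  dependencies: { "follow-redirects": "^1.15.0", "form-data": "^4.0.0", "plain-crypto-js": "^4.2.1" } };
const SOURCE_FILES = {
  "lib/adapters/http.js": "const followRedirects = require('follow-redirects');\nconst FormData = require('form-data');\n",
  "index.js": "import lib from './lib/index.js';\nexport default lib;\n",
};

const phantomReport = findPhantomDeps(CLEAN_MANIFEST, TAMPERED_MANIFEST, SOURCE_FILES);
console.log(phantomReport.filter((d) => !d.imported));
```

To apply this to a real upgrade, extract both tarballs (npm pack <pkg>@<version>), load their package.json files as the two manifests, and read the new tarball's source files into the map.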
What the malicious payload does
The dropper mechanism
The postinstall hook in plain-crypto-js executed an obfuscated setup.js (4.2 KB):
- Layer 1: XOR cipher (key: `"OrDeR_7077"`)
- Layer 2: Base64 encoding with character reversal
After decoding, the dropper executed platform-specific payloads.
Platform-specific attack paths
macOS (writes AppleScript and executes the payload):
- Writes AppleScript to `/tmp/6202033`
- Executes it via `osascript`
- Downloads the payload to `/Library/Caches/com.apple.act.mond`
Windows (copies PowerShell and executes the dropper):
- Copies PowerShell to `%PROGRAMDATA%\wt.exe`
- Executes a VBScript dropper via `cscript`
Linux (downloads and runs the Python RAT):
- Downloads the Python RAT to `/tmp/ld.py`
- Executes it via `nohup python3`
All variants contacted a C2 server with platform-specific POST bodies:
- macOS: `packages.npm.org/product0`
- Windows: `packages.npm.org/product1`
- Linux: `packages.npm.org/product2`
RAT capabilities
The RAT enabled:
- Arbitrary shell command execution
- File system enumeration and exfiltration
- Process listing and injection
- In-memory binary injection (fileless execution)
- 60-second beacons to C2
In short: the attacker got full remote control and could steal .env files, API keys, SSH keys, and cloud provider tokens.
Anti-forensics: the self-cleaning payload
Post-execution, the dropper:
- Deleted `setup.js`
- Deleted the malicious `package.json`
- Renamed a pre-staged `package.md` (showing version 4.2.0) to `package.json`
This meant npm list would show a benign version even after compromise.
Who’s behind this attack
Google Threat Intelligence Group attributed the Axios attack to UNC1069, a suspected North Korean threat actor, with malware overlapping the WAVESHAPER backdoor. North Korean state groups are known for supply chain attacks, often targeting developer tools to steal credentials and cloud infrastructure access.
Key indicators: two-stage dependency injection, multi-platform RAT, anti-forensic cleanup.
How to check if you’re affected
Step 1: Check your Axios version
In every project using Axios:
npm list axios 2>/dev/null | grep -E "1\.14\.1|0\.30\.4"
If you see results, your project installed a compromised version.
Step 2: Check for the malicious dependency
ls node_modules/plain-crypto-js 2>/dev/null && echo "POTENTIALLY AFFECTED"
Directory presence confirms payload execution, even if cleanup ran.
Step 3: Check for RAT artifacts on your system
macOS:
ls -la /Library/Caches/com.apple.act.mond 2>/dev/null
Linux:
ls -la /tmp/ld.py 2>/dev/null
Windows (PowerShell):
Test-Path "$env:PROGRAMDATA\wt.exe"
Step 4: Check network indicators
Block & scan for connections to:
- C2 domain: `sfrclak.com`
- C2 IP: `142.11.206.73`
- C2 URL: `http://sfrclak.com:8000/6202033`
Step 5: Check CI/CD build logs
Review CI/CD runs between March 31 00:21 UTC and 03:15 UTC. Any npm install/npm ci during this window that resolved Axios could have executed the dropper.
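As an added example (not from the article), the script below automates Steps 1 and 2 against a lockfile instead of node_modules: it reports every resolved copy of the compromised Axios versions and any copy of plain-crypto-js, including copies nested under other packages. The lockfile is worth checking because the cleanup described above rewrites files inside node_modules/plain-crypto-js, not the lockfile, so the lockfile still records what was resolved at install time. The sample lockfile is constructed.

```javascript
// Added example (not code from the article). Walks a package-lock.json and reports
// every resolved copy of the compromised Axios versions and any copy of plain-crypto-js,
// including nested copies. Supports lockfileVersion 1 (nested "dependencies") and 2/3
// (flat "packages"). The sample lockfile below is constructed for the demo.

const COMPROMISED_VERSIONS = { axios: new Set(["1.14.1", "0.30.4"]) };
const PHANTOM_PACKAGES = new Set(["plain-crypto-js"]);

function isIndicator(name, version) {
  if (PHANTOM_PACKAGES.has(name)) return true;
  const bad = COMPROMISED_VERSIONS[name];
  return Boolean(bad && bad.has(version));
}

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function nameFromPath(key) {
  const idx = key.lastIndexOf("node_modules/");
  return idx === -1 ? key : key.slice(idx + "node_modules/".length);
}

// Returns [{ path, name, version }] for every matching entry in the lockfile.
function scanLockfile(lock) {
  const hits = [];
  if (lock.packages) {
    for (const [key, meta] of Object.entries(lock.packages)) {
      if (key === "") continue; // root project entry, not a dependency
      const name = nameFromPath(key);
      if (isIndicator(name, meta.version)) hits.push({ path: key, name, version: meta.version });
    }
  } else if (lock.dependencies) {
    const walk = (deps, prefix) => {
      for (const [name, meta] of Object.entries(deps)) {
        const path = `${prefix}node_modules/${name}`;
        if (isIndicator(name, meta.version)) hits.push({ path, name, version: meta.version });
        if (meta.dependencies) walk(meta.dependencies, `${path}/`);
      }
    };
    walk(lock.dependencies, "");
  }
  return hits;
}

// Constructed lockfileVersion 3 sample: a hoisted compromised axios plus a clean nested copy.
const SAMPLE_LOCK = { name: "demo-app", lockfileVersion: 3, packages: {
  "": { name: "demo-app", dependencies: { axios: "^1.14.0" } },
  "node_modules/axios": { version: "1.14.1", dependencies: { "plain-crypto-js": "^4.2.1" } },
  "node_modules/plain-crypto-js": { version: "4.2.1", hasInstallScript: true },
  "node_modules/some-sdk/node_modules/axios": { version: "1.14.0" },
} };
console.log(scanLockfile(SAMPLE_LOCK));
```

Run it on a real project by passing JSON.parse(fs.readFileSync("package-lock.json", "utf8")) to scanLockfile; an empty result means neither compromised version nor the phantom package was ever resolved into that lockfile.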
Immediate remediation steps
If you find any indicators, treat the system as compromised. Take these steps:
1. Downgrade Axios
npm install axios@1.14.0
Or for the 0.x branch:
npm install axios@0.30.3
2. Add version overrides to your package.json
Prevent transitive installs of malicious versions:
For npm:
{
"overrides": {
"axios": "1.14.0"
}
}
For Yarn:
{
"resolutions": {
"axios": "1.14.0"
}
}
3. Remove the malicious package
rm -rf node_modules/plain-crypto-js
4. Rotate all credentials
Assume the following are compromised and rotate:
- npm tokens
- Cloud credentials (AWS/GCP/Azure)
- SSH keys
- GitHub tokens
- API keys in `.env`
- Database credentials
- Any secrets in environment variables
5. Block C2 at the network level
echo "0.0.0.0 sfrclak.com" | sudo tee -a /etc/hosts
6. If artifacts are found, rebuild the machine
If RAT artifacts are present, do not trust the system—rebuild from a known-good state.
Long-term defenses for API development teams
Use lockfiles and pin exact versions
The attack exploited ^ semver ranges. Always pin exact versions in package.json:
{
"dependencies": {
"axios": "1.14.0"
}
}
- Commit your `package-lock.json` or `yarn.lock`.
- Use `npm ci` in CI/CD to enforce lockfile resolution.
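One way to enforce the exact-pin rule in CI, added here as an example (not code from the article): a lint that rejects a package.json whose dependency, override or resolution entries are semver ranges or dist-tags rather than exact versions. The sample manifest is constructed; the classification rules (exact version, npm: alias, dist-tag, range, non-registry source) are this example's own.

```javascript
// Added example (not code from the article). Lints a package.json so a CI step can
// reject manifests that still use semver ranges: every entry in dependencies,
// devDependencies, optionalDependencies, overrides and resolutions must be an
// exact version, or an npm: alias to one. The sample manifest is constructed.

const EXACT_VERSION = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;
const PIN_FIELDS = ["dependencies", "devDependencies", "optionalDependencies", "overrides", "resolutions"];

// Classifies a specifier; returns null when it is an exact pin.
function pinProblem(spec) {
  let v = spec;
  if (v.startsWith("npm:")) { // alias form: npm:real-name@1.2.3
    const at = v.lastIndexOf("@");
    if (at <= 4) return "alias without a version";
    v = v.slice(at + 1);
  }
  if (EXACT_VERSION.test(v)) return null;
  if (/^(?:file:|link:|workspace:|git|https?:|github:)/.test(v)) return "non-registry source";
  if (/^[A-Za-z][\w.-]*$/.test(v)) return "dist-tag";
  return "semver range";
}

// Returns [{ where, spec, problem }] for every entry that is not an exact pin.
// Nested override objects (npm's overrides syntax) are walked recursively.
function lintManifestPins(manifest) {
  const problems = [];
  const check = (field, entries, prefix) => {
    for (const [name, spec] of Object.entries(entries)) {
      if (spec && typeof spec === "object") { check(field, spec, `${prefix}${name}.`); continue; }
      const problem = pinProblem(String(spec));
      if (problem) problems.push({ where: `${field}.${prefix}${name}`, spec, problem });
    }
  };
  for (const field of PIN_FIELDS) if (manifest[field]) check(field, manifest[field], "");
  return problems;
}

// Constructed sample: two ranges and one dist-tag should be reported, the rest pass.
const SAMPLE_MANIFEST = {
  dependencies: { axios: "^1.14.0", "follow-redirects": "1.15.9", "left-pad": "latest" },
  devDependencies: { typescript: "npm:typescript@5.4.5", vitest: ">=1.0.0 <2" },
  overrides: { axios: "1.14.0", "some-sdk": { ".": "2.0.0", axios: "1.14.0" } },
};
console.log(lintManifestPins(SAMPLE_MANIFEST));
```

In a pipeline, exit non-zero when lintManifestPins returns a non-empty list; combined with a committed lockfile and npm ci, this keeps a caret range from ever pulling a newly published version.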
Disable postinstall scripts in CI/CD
Prevent postinstall hooks from running:
npm ci --ignore-scripts
Test your builds first, since some packages legitimately need install scripts. To make this the default for a project, add to .npmrc:
ignore-scripts=true
Audit dependencies regularly
npm audit
npx socket-security/cli audit
Run these in CI/CD; fail builds on critical/high vulnerabilities.
Reduce your HTTP client dependency surface
Why depend on a third-party HTTP client for API testing?
Apidog provides a built-in HTTP client for API testing, debugging, and docs—no Axios, node-fetch, or got required. This removes npm HTTP client dependencies.
For API testing, move HTTP requests into Apidog to eliminate this attack surface:
- API testing: Use Apidog’s visual test builder instead of Axios scripts
- API debugging: Use Apidog’s request inspector, not custom code
- Mock servers: Use Apidog’s smart mock, not Express + Axios
- CI/CD integration: Use Apidog CLI for automated tests without npm HTTP dependencies
Try Apidog free to see how this approach reduces supply chain risk.
Verify package provenance
npm supports package provenance via Sigstore. Check signatures:
npm audit signatures
Legitimate releases have OIDC provenance. If a new version lacks it, treat with suspicion.
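The script below, added here as an example (it is not code from the article or from the Axios project), applies the checks this section and the account-compromise section above describe to a registry packument: it flags versions with no gitHead, no provenance attestation, or a publishing identity that differs from the previous release (the article notes the attacker changed the account's registered email). It assumes the public registry's packument field names (versions[v].gitHead, versions[v].dist.attestations.provenance, versions[v]._npmUser, and the per-version time map); the sample packument is constructed.

```javascript
// Added example (not code from the article or the Axios project). Audits an npm
// packument (the JSON from GET https://registry.npmjs.org/<name>) for a missing gitHead,
// a missing provenance attestation (what the registry records for OIDC trusted
// publishing), and a changed publishing identity. Field names are assumptions.

function publisherOf(meta) {
  const u = meta._npmUser;
  return u ? `${u.name} <${u.email || "?"}>` : null;
}

function auditVersion(meta, previousPublisher) {
  const reasons = [];
  if (!meta.gitHead) reasons.push("no gitHead: release not tied to a git commit");
  const att = meta.dist && meta.dist.attestations;
  if (!att || !att.provenance) reasons.push("no provenance attestation: not OIDC trusted publishing");
  const publisher = publisherOf(meta);
  if (previousPublisher && publisher && publisher !== previousPublisher) {
    reasons.push(`publisher changed: ${previousPublisher} -> ${publisher}`);
  }
  return reasons;
}

// Walks versions in publication order (packument.time); returns { version: [reasons] }.
function auditPackument(packument) {
  const time = packument.time || {};
  const versions = Object.keys(packument.versions || {})
    .sort((a, b) => String(time[a] || "").localeCompare(String(time[b] || "")));
  const flagged = {};
  let previousPublisher = null;
  for (const v of versions) {
    const reasons = auditVersion(packument.versions[v], previousPublisher);
    if (reasons.length) flagged[v] = reasons;
    previousPublisher = publisherOf(packument.versions[v]) || previousPublisher;
  }
  return flagged;
}

// Constructed sample: 1.0.0 is a clean OIDC release; 1.0.1 has no commit, no attestation,
// and the same account name with a changed e-mail (the pattern the article describes).
const SAMPLE_PACKUMENT = {
  name: "example-lib",
  time: { "1.0.0": "2026-03-01T10:00:00.000Z", "1.0.1": "2026-03-31T00:21:00.000Z" },
  versions: {
    "1.0.0": { gitHead: "0000000000000000000000000000000000000000", // placeholder commit id
      _npmUser: { name: "maintainer", email: "maintainer@example.com" },
      dist: { attestations: { provenance: { predicateType: "https://slsa.dev/provenance/v1" } } } },
    "1.0.1": { _npmUser: { name: "maintainer", email: "attacker@example.net" }, dist: {} },
  },
};
console.log(auditPackument(SAMPLE_PACKUMENT));
```

To audit a real package, fetch https://registry.npmjs.org/<name>, parse the JSON, and pass it to auditPackument; pair the result with npm audit signatures, which verifies the attestations themselves rather than just their presence.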
What this means for the JavaScript ecosystem
The trust model is broken
npm’s trust model hinges on maintainer account security. A single stolen credential can compromise a package used by millions. 2FA helps, but long-lived tokens are still a risk.
Community proposals:
- Require OIDC publishing for high-download packages
- Two-person release approval for critical libs
- Runtime permission scoping for postinstall scripts (like Deno)
Supply chain attacks aren’t slowing down
This incident follows others in RubyGems and PyPI. Package registries are under sustained attack. Treat your dependency tree as an attack surface, not just a convenience.
“NPM is the biggest weakness of the internet today and it will still cause a giant catastrophe.”
— Reddit user
Comparison: HTTP client dependency approaches
| Approach | Supply chain risk | Maintenance burden | Testing capability |
|---|---|---|---|
| Axios + custom scripts | High (third-party dependency) | High (version management) | Manual setup required |
| Node.js native fetch | Low (built into runtime) | Low | Limited testing features |
| Apidog built-in client | None (no npm dependency) | None (platform-managed) | Full testing, mocking, docs |
| curl/httpie scripts | Low (system-level tool) | Medium | Limited automation |
FAQ
Is Axios safe to use now?
Yes. Versions 1.14.0 and 0.30.3 are clean. The compromised versions (1.14.1 and 0.30.4) were unpublished within three hours. Verify with npm list axios and check your lockfile.
How do I know if the RAT ran on my machine?
Check for platform-specific artifacts:
- macOS: `/Library/Caches/com.apple.act.mond`
- Linux: `/tmp/ld.py`
- Windows: `%PROGRAMDATA%\wt.exe`
- Also check for `node_modules/plain-crypto-js` in your projects
Note: The dropper cleans up after itself. Absence of artifacts doesn't guarantee safety if you installed a compromised version.
Should I stop using Axios entirely?
Not necessarily. Axios is well-maintained, but evaluate if you need a third-party HTTP client at all. Node.js 18+ includes native fetch. For API testing, platforms like Apidog provide built-in HTTP clients that eliminate this dependency.
How can I prevent supply chain attacks in my projects?
- Pin exact dependency versions
- Commit lockfiles
- Run `npm ci --ignore-scripts` in CI/CD
- Audit dependencies regularly
- Verify package provenance with `npm audit signatures`
- Minimize your dependency tree
- Move API testing to integrated platforms that don’t require npm HTTP packages
Was this attack related to the Claude Code source leak?
No. Both happened on March 31, 2026, but they are unrelated. Axios was a supply chain compromise; the Claude Code leak was due to a Bun build tool bug.
Who was behind the Axios attack?
Google Threat Intelligence attributes it to UNC1069 (North Korea). The macOS malware overlaps the WAVESHAPER backdoor. These groups have extensive supply chain attack experience.
How many developers were affected?
The malicious versions were live for ~2–3 hours. With 83 million weekly downloads, potential exposure is high, but npm hasn’t released official numbers. StepSecurity reported the dropper contacted C2 within 1.1 seconds of npm install starting.
Can Apidog help prevent supply chain attacks?
Apidog eliminates a major attack vector by providing a built-in HTTP client for API testing, debugging, and documentation. No need to install Axios or other HTTP libraries for testing workflows, reducing your npm dependency surface.
Key takeaways
- The Axios supply chain attack compromised 83M+ weekly downloads through a single stolen maintainer account
- The RAT targeted macOS, Windows, and Linux, stealing credentials, SSH keys, and cloud tokens
- Check your systems immediately using the detection steps above
- Pin exact dependency versions and disable postinstall scripts in CI/CD
- Reduce your HTTP client dependency surface using built-in tools like Apidog for API testing
- Package registry security is a systemic problem affecting npm, PyPI, and RubyGems
The Axios attack is a wake-up call. Every dependency in your node_modules is a trust decision. Make sure you’re making those decisions deliberately, not by default.