Six weeks ago, axios was attacked. Someone hijacked an npm package that 93 million developers download every week. The attacker had patience — they staged a clean version first, waited, then pushed the malicious payload.
Last month, LiteLLM was compromised the same way. 97 million monthly downloads. Same pre-staged attack pattern.
Both packages had something in common: one person held the keys.
I wanted to know how many packages in my own projects had that same profile. Here's what I found.
The setup: 5 lines of YAML
Add this workflow to .github/workflows/supply-chain-audit.yml:
name: Supply Chain Audit
on:
push:
paths: ['package.json', 'package-lock.json', 'bun.lock']
pull_request:
paths: ['package.json', 'package-lock.json', 'bun.lock']
jobs:
audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: piiiico/proof-of-commitment@main
That's it. The action auto-detects your package.json or requirements.txt, hits the Commit audit API, and writes results to your GitHub Step Summary.
Optional: set fail-on-critical: true to block PRs that introduce CRITICAL packages.
What I found
Running this against a typical Node.js project with axios, zod, chalk, lodash, and express:
| Package | Risk | Score | Maintainers | Downloads/wk | Age |
|---|---|---|---|---|---|
chalk |
🔴 CRITICAL | 75 | 1 | 380M | 12.7y |
zod |
🔴 CRITICAL | 83 | 1 | 133M | 6.1y |
axios |
🔴 CRITICAL | 89 | 1 | 93M | 11.6y |
lodash |
🟢 OK | 94 | 3 | 125M | 14.0y |
express |
🟢 OK | 97 | 5 | 85M | 15.3y |
Three CRITICAL packages. Including two I'd call "boring infrastructure" — chalk for terminal colors, zod for schema validation.
What CRITICAL actually means
The CRITICAL flag triggers when two conditions combine:
- Sole maintainer — one person controls publishing to npm
- >10M weekly downloads — the package is deeply embedded across the ecosystem
This isn't about whether the package is good or trustworthy. Chalk is excellent. Zod is excellent. Axios was excellent until six weeks ago.
The risk is structural: a single compromised credential — stolen token, phishing, account hijack — gives an attacker write access to a package running on hundreds of millions of machines. That's the same risk profile that enabled both the axios and LiteLLM attacks.
Lodash and express are 🟢 OK not because they're "safer code," but because they have 3+ maintainers. Multiple credentials need to be compromised simultaneously.
Why the download count matters
High-download, sole-maintained packages are high-value targets precisely because they're everywhere. Attackers don't compromise obscure packages — they pick packages that run in CI pipelines, in production servers, in developer laptops.
The axios attack worked because developers trusted it implicitly. It was 11 years old with an impeccable history. That history is real. But history doesn't protect against a stolen token.
Add a badge to your README
[](https://github.com/YOUR_ORG/YOUR_REPO/actions/workflows/supply-chain-audit.yml)
What to do with the results
Finding CRITICAL packages doesn't mean you should immediately remove them. It means you should:
- Know which packages have this profile — so you're not surprised if one is compromised
- Pin versions for CRITICAL packages in your lock file and review updates manually
-
Set
fail-on-critical: trueif you want to block PRs that introduce new CRITICAL dependencies without review - Watch for anomalies — sudden version bumps from solo maintainers after years of stable releases are the signal that preceded both the axios and LiteLLM attacks
The audit is behavioral, not static. It looks at download trends, maintainer history, and structural risk — the same signals an attacker evaluates before picking a target.
Try it
The action is open source: piiiico/proof-of-commitment
Scored by Commit — behavioral commitment signals for supply chain trust. The full API is also available if you want to integrate this into your own tooling.
The axios supply chain attack happened April 1, 2026. The LiteLLM compromise was March 2026. Both followed the same pre-staging pattern. Both were preventable with earlier visibility into maintainer structure.
Top comments (0)