axios npm Supply Chain Attack — March 31, 2026
March 31, 2026 · PackageFix · Breaking · Updated as new information emerges
🚨 Critical — Active Supply Chain Attack
axios@1.14.1 and axios@0.30.4 are malicious. A compromised maintainer account was used to publish backdoored releases containing a cross-platform Remote Access Trojan. Safe versions: axios@1.14.0 (1.x) or axios@0.30.3 (0.x). If you ran npm install between 00:21–03:30 UTC on March 31, 2026 and resolved either malicious version, treat your system as compromised.
What happened
On March 31, 2026, an attacker compromised the npm account of the primary axios maintainer and published two malicious versions of axios — one of the most widely-used JavaScript libraries with approximately 100 million weekly downloads.
The malicious versions did not modify axios source code directly. Instead, they added a hidden dependency — plain-crypto-js@4.2.1 — to the package.json. When npm installed axios@1.14.1, it automatically pulled in plain-crypto-js@4.2.1 and executed its postinstall hook. That script was a RAT dropper targeting macOS, Windows, and Linux.
Immediate action
```bash
# Check your current axios version
npm list axios

# Check if plain-crypto-js is present
grep -r "plain-crypto-js" package-lock.json

# If affected - downgrade immediately
npm install axios@1.14.0

# For 0.x users
npm install axios@0.30.3

# Commit the fix
git add package.json package-lock.json
git commit -m "security: downgrade axios - supply chain attack (GHSA-fw8c-xr5c-95f9)"
```
How the attack worked
The attack was pre-staged 18 hours in advance. plain-crypto-js@4.2.0 was published on March 30 as a clean decoy to establish a brief package history and avoid "brand-new package" alarms from security scanners. plain-crypto-js@4.2.1 containing the payload was then published just before the malicious axios releases.
The dropper used two layers of obfuscation: reversed Base64 encoding with padding substitution, and XOR cipher with a hardcoded key. After execution, it deleted itself and replaced its package.json with a clean decoy — leaving no obvious trace in node_modules for a developer inspecting after the fact.
Attack timeline
Mar 30, 05:57 UTC: plain-crypto-js@4.2.0 published (clean decoy to establish history)
Mar 30, 23:59 UTC: plain-crypto-js@4.2.1 published with RAT payload
Mar 31, 00:21 UTC: axios@1.14.1 published via compromised jasonsaayman account
Mar 31, 01:00 UTC: axios@0.30.4 published via same compromised account
Mar 31, ~03:30 UTC: Malicious versions removed from npm by registry
Mar 31, 04:30 UTC: StepSecurity publishes full technical analysis
Mar 31, ongoing: CVE assignment in progress (GHSA-fw8c-xr5c-95f9 / MAL-2026-2306)
Indicators of Compromise (IOCs)
| Type | Indicator | Description |
|---|---|---|
| npm package | axios@1.14.1 | Malicious axios release |
| npm package | axios@0.30.4 | Malicious axios release (0.x branch) |
| npm package | plain-crypto-js@4.2.1 | RAT dropper package |
| C2 domain | sfrclak.com | Command and control server |
| C2 endpoint | sfrclak.com:8000 | RAT beacon address |
| File | setup.js in plain-crypto-js | Dropper script |
| npm account | jasonsaayman | Compromised maintainer account |
If plain-crypto-js ran on your machine
The malware self-deletes after execution. Absence from node_modules does not mean it did not run. If your build logs show npm install ran during 00:21–03:30 UTC March 31 and resolved axios@1.14.1 or axios@0.30.4, assume credential exfiltration occurred. Rotate everything: API keys, tokens, SSH keys, database passwords.
Why axios was targeted
axios is present in approximately 80% of cloud and code environments. It is a direct or transitive dependency in millions of applications. The attacker targeted the 1.x and 0.x branches simultaneously to maximize exposure across both modern and legacy codebases. The attack appears to be espionage or APT activity — no cryptocurrency mining or ransomware components were found, suggesting credential harvesting and intelligence gathering rather than immediate financial gain.
How PackageFix helps
Paste your package-lock.json into PackageFix. If your lockfile resolves axios@1.14.1 or axios@0.30.4, PackageFix will flag it as malicious and show the safe downgrade version. It also detects plain-crypto-js@4.2.1 as a known malicious package via the OSV database.
Check your lockfile for plain-crypto-js or axios@1.14.1 right now.
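The checks described under Immediate action, How the attack worked and in this section, as an added example written for this page (it is not PackageFix's scanner or code from the axios project): a lockfile scan for the IOC versions listed above, a before/after lockfile diff that surfaces newly added packages carrying an install script (the shape of this attack, independent of known IOCs), and a test of whether an install timestamp falls inside the window in which the malicious versions were live. The two lockfiles are constructed samples; the versions, safe downgrades and time window come from the advisory text. The `hasInstallScript` flag is only recorded by lockfileVersion 2 and 3, so the diff check cannot see install scripts in a lockfileVersion 1 file.

```javascript
// Added example (not PackageFix's or axios project code). Versions, downgrades
// and the exposure window are taken from the advisory; lockfiles are constructed.

const MALICIOUS = {
  axios: new Set(['1.14.1', '0.30.4']),
  'plain-crypto-js': new Set(['4.2.1']),
};
const SAFE_DOWNGRADE = { 'axios@1.14.1': 'axios@1.14.0', 'axios@0.30.4': 'axios@0.30.3' };

// Window during which the malicious versions were live on the registry (UTC).
const WINDOW_START = Date.parse('2026-03-31T00:21:00Z');
const WINDOW_END = Date.parse('2026-03-31T03:30:00Z');

// Yield every resolved package as { name, version, where, hasInstallScript }.
// lockfileVersion 2/3 lists packages flat under "packages" keyed by node_modules
// path; lockfileVersion 1 nests them under "dependencies".
function* lockEntries(lock) {
  if (lock.packages) {
    for (const [key, entry] of Object.entries(lock.packages)) {
      if (key === '') continue; // the root project itself
      const name = key.slice(key.lastIndexOf('node_modules/') + 'node_modules/'.length);
      yield { name, version: entry.version, where: key, hasInstallScript: !!entry.hasInstallScript };
    }
    return;
  }
  yield* walkV1(lock.dependencies, '');
}

function* walkV1(deps, path) {
  for (const [name, entry] of Object.entries(deps || {})) {
    const where = path ? `${path} > ${name}` : name;
    // v1 lockfiles do not record install scripts, so the flag is unknown here.
    yield { name, version: entry.version, where, hasInstallScript: false };
    if (entry.dependencies) yield* walkV1(entry.dependencies, where);
  }
}

// Check 1: does the lockfile resolve any version from the IOC table?
function scanLockfile(lock) {
  const findings = [];
  for (const { name, version, where } of lockEntries(lock)) {
    if (MALICIOUS[name] && MALICIOUS[name].has(version)) {
      const id = `${name}@${version}`;
      findings.push({
        package: id,
        where,
        action: SAFE_DOWNGRADE[id] ? `npm install ${SAFE_DOWNGRADE[id]}` : 'remove; treat host as compromised',
      });
    }
  }
  return findings;
}

// Read a real lockfile from disk and scan it (CommonJS only).
function scanLockfilePath(path) {
  const fs = require('fs');
  return scanLockfile(JSON.parse(fs.readFileSync(path, 'utf8')));
}

// Check 2: packages present in the new lockfile but not the old one that carry
// an install script. A hidden dependency with a postinstall hook shows up here
// even before its version is published as an IOC.
function newPackagesWithInstallScripts(oldLock, newLock) {
  const before = new Set([...lockEntries(oldLock)].map((e) => `${e.name}@${e.version}`));
  return [...lockEntries(newLock)]
    .filter((e) => e.hasInstallScript && !before.has(`${e.name}@${e.version}`))
    .map((e) => `${e.name}@${e.version}`);
}

// Check 3: did an install (e.g. from a CI log timestamp) run inside the window?
function installInWindow(isoTimestamp) {
  const t = Date.parse(isoTimestamp);
  return t >= WINDOW_START && t <= WINDOW_END;
}

// Constructed lockfiles: "before" is clean, "after" resolved the malicious release.
const LOCK_BEFORE = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', dependencies: { axios: '^1.14.0' } },
    'node_modules/axios': { version: '1.14.0' },
  },
};
const LOCK_AFTER = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', dependencies: { axios: '^1.14.0' } },
    'node_modules/axios': { version: '1.14.1', dependencies: { 'plain-crypto-js': '4.2.1' } },
    'node_modules/plain-crypto-js': { version: '4.2.1', hasInstallScript: true },
  },
};

console.log(scanLockfile(LOCK_AFTER));
console.log(newPackagesWithInstallScripts(LOCK_BEFORE, LOCK_AFTER));
console.log(installInWindow('2026-03-31T01:12:44Z'));
```

To use it against a real project, call `scanLockfilePath('./package-lock.json')`, and for the diff check pass the committed lockfile and the one a fresh `npm install` produced. The diff check is the more general of the two: any new transitive package that arrives with an install script deserves a look before the install runs, whether or not it is already on a blocklist.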
Common questions
Am I affected if I did not install axios today?
You are only affected if you ran npm install (or a CI/CD pipeline ran it) between approximately 00:21 UTC and 03:30 UTC on March 31, 2026, AND the resolved axios version was 1.14.1 or 0.30.4. If your package-lock.json shows axios@1.14.0 or earlier, you are not affected by this incident.
How do I check if plain-crypto-js was installed?
Run: grep -r plain-crypto-js node_modules/ package-lock.json. If you find it, your system was exposed. The malicious package was designed to self-delete after execution, so absence from node_modules does not guarantee safety if it ran during installation.
What should I do if I installed the malicious version?
Treat the machine as fully compromised. Isolate it from the network. Re-image or restore from a clean backup taken before March 30, 2026. Rotate all credentials that were accessible from the machine: API keys, GitHub tokens, AWS/cloud credentials, database passwords, SSH keys. Review CI/CD pipeline logs for unauthorized activity.
Are axios@1.14.0 and axios@0.30.3 safe?
Yes. These are the safe versions. axios@1.14.0 is the last clean 1.x release. axios@0.30.3 is the last clean 0.x release. If you are on any other version of axios, check whether it predates the malicious releases - versions below 1.14.1 and below 0.30.4 are not affected by this specific attack.
How did the attacker compromise the axios maintainer account?
The exact compromise vector has not been publicly confirmed. The attacker changed the registered email on the jasonsaayman npm account to an anonymous ProtonMail address to lock out the legitimate owner. The attack was pre-staged 18 hours in advance with a clean decoy package (plain-crypto-js@4.2.0) published before the malicious version.
Will axios@1.14.1 appear as a vulnerability in PackageFix?
Yes - PackageFix checks against the OSV database which has assigned GHSA-fw8c-xr5c-95f9 to this incident. Paste your package-lock.json and PackageFix will flag axios@1.14.1 and axios@0.30.4 as malicious with a link to the full incident report.
What is plain-crypto-js@4.2.1?
plain-crypto-js@4.2.1 is a purpose-built malicious package created specifically for this attack. It was designed to look like a legitimate crypto library. Its package.json mimics the real crypto-js library. It has no legitimate functionality - its only purpose is to execute the postinstall dropper script that installs the RAT.