Supply chain blast: Top npm package backdoored to drop dirty RAT on dev machines
- Reference: 1774952950
- News link: https://www.theregister.co.uk/2026/03/31/axios_npm_backdoor_rat/
The poisoned versions, "axios@1.14.1" and "axios@0.30.4," made it onto the npm registry before being yanked, though not before some unlucky devs and CI pipelines pulled them in. Rather than tampering with axios's own code, the intruders took a subtler route, slipping in a dependency that had no business being there and no role in the library's functionality.
Axios is a widely used JavaScript HTTP client that developers rely on to send requests between applications and web services. It's embedded in everything from front-end apps to back-end systems and racks up around 100 million downloads each week, meaning even a short-lived compromise can spread quickly.
The releases didn't come through the project's usual build process either. Security firm [3]StepSecurity found that both versions were published via the compromised npm account of "jasonsaayman," the project's primary maintainer, who was [4]reportedly locked out of the account while the packages were being pushed.
The attackers swapped the account's email address for an anonymous ProtonMail inbox and pushed the infected packages manually via the npm CLI, completely bypassing the project's GitHub Actions CI/CD pipeline and the safeguards developers tend to assume are in place.
The added package, "plain-crypto-js@4.2.1," existed purely as a delivery mechanism. Its post-install script phones home, fetches a second-stage payload, and sets about dropping malware tailored to whatever it finds. On macOS it disguises itself as a system daemon, on Windows it leans on PowerShell, and on Linux it falls back to a Python backdoor. It also tries to cover its tracks, clearing out traces that might give the game away.
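Because the malware rode in on a dependency's lifecycle script rather than on axios's own code, a quick defensive check is to scan the lockfile for the two axios versions and the dropped-in package named above, and to surface every dependency npm has flagged as carrying an install script. The following Node.js script is an added example, not code from the article, StepSecurity or the axios project; the lockfile it scans is constructed, and it assumes the npm 7+ lockfile layout (a `packages` map keyed by path, with `hasInstallScript` set on packages that declare install hooks).

```javascript
// Added example: scan an npm lockfile (v2/v3 "packages" map) for the malicious
// versions named in the article and for any package that runs an install script.
const KNOWN_BAD = {
  axios: new Set(["1.14.1", "0.30.4"]),
  "plain-crypto-js": new Set(["4.2.1"]),
};

// "node_modules/foo/node_modules/@scope/bar" -> "@scope/bar"
function packageName(lockPath) {
  const parts = lockPath.split("node_modules/");
  return parts[parts.length - 1];
}

// Returns a list of findings; an empty list means nothing suspicious was seen.
function scanLockfile(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // the root project entry, not a dependency
    const name = packageName(path);
    const version = entry.version;
    if (KNOWN_BAD[name] && KNOWN_BAD[name].has(version)) {
      findings.push({ path, severity: "critical", reason: `known-malicious ${name}@${version}` });
    }
    // Assumption about the lockfile format: npm 7+ writes hasInstallScript: true for
    // packages with (pre|post)install hooks. Flag them so an unexpected hook stands out.
    if (entry.hasInstallScript) {
      findings.push({ path, severity: "review", reason: `${name}@${version} runs an install script` });
    }
  }
  return findings;
}

// Constructed sample lockfile mirroring the compromise: axios pulls in plain-crypto-js,
// which carries a post-install hook; follow-redirects is a benign control entry.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/axios": { version: "1.14.1", dependencies: { "plain-crypto-js": "4.2.1" } },
    "node_modules/plain-crypto-js": { version: "4.2.1", hasInstallScript: true },
    "node_modules/follow-redirects": { version: "1.15.9" },
  },
};

console.log(JSON.stringify(scanLockfile(SAMPLE_LOCK), null, 2));
```

On a real project, parse `package-lock.json` with `JSON.parse` and pass the result to `scanLockfile`; setting `ignore-scripts=true` in `.npmrc` stops lifecycle hooks like the one described above from executing at install time, at the cost of breaking packages that legitimately need them.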
StepSecurity said the campaign showed a level of planning well beyond the usual smash-and-grab npm compromise. "This was not opportunistic," said Ashish Kurmi, the firm's CTO and co-founder. "The malicious dependency was staged 18 hours in advance. Three separate payloads were pre-built for three operating systems. Both release branches were hit within 39 minutes. Every trace was designed to self-destruct. This is among the most operationally sophisticated supply chain attacks ever documented against a top-10 npm package."
The incident also comes during a rough stretch for npm. Campaigns such as "Shai-Hulud" and its follow-up, "Shai-Hulud 2.0," show attackers increasingly targeting the software supply chain itself, seeding malicious packages to siphon credentials, hijack environments, or quietly maintain persistence within developer tooling.
Developers who installed either affected version are being urged to act immediately. "If you have installed axios@1.14.1 or axios@0.30.4, assume your system is compromised," Kurmi said.
In practice, that means ripping out dependencies, rotating credentials, and, for some, rebuilding machines from scratch. Given how widely axios is used, the cleanup won't be quick. ®
[1] https://www.aikido.dev/blog/axios-npm-compromised-maintainer-hijacked-rat
[3] https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan
[4] https://socket.dev/blog/axios-npm-package-compromised
[7] https://www.theregister.com/2026/03/05/npmx_package_browser_released_as/
[8] https://www.theregister.com/2025/11/28/posthog_shaihulud/
[9] https://www.theregister.com/2025/11/14/selfreplicating_supplychain_attack_poisons_150k/
[10] https://www.theregister.com/2025/10/30/phantomraven_npm_malware/
The silliest part of all of this is there hasn't really been a need for axios for many years, since the Fetch API was integrated into Node itself. Of course, ask an LLM to perform an HTTP request, and it'll almost always cargo cult it into your dependencies.
Again a case for caching...
As mentioned in [1]my comment on "Open source devs consider making hogs pay for every download", if services used caching (especially those on Azure, AWS etc.), these poisoned packages might've been stopped.
I absolutely detest the farming out of all these little modules to all manner of websites. It is a PITA when you use NoScript and you end up having to allow-list or temporarily trust a plethora of repos.
[1] https://forums.theregister.com/forum/all/2026/02/28/open_source_opinion/#c_5238257
npm
Just never update your packages. Update trades known issues for unknown issues.