What Happened
On March 31, 2026, malicious versions of Axios -- one of the most widely used HTTP libraries in the Node.js ecosystem -- were published to NPM. Versions 1.14.1 and 0.30.4 contained a hidden dependency that deployed a remote access trojan across macOS, Windows, and Linux. The window was roughly three hours before NPM pulled the packages. If your CI/CD pipeline ran npm install during that window, you may have been compromised.
An attacker hijacked the NPM account of an Axios maintainer and published two new versions. Both injected a dependency called plain-crypto-js that had never been part of Axios before. That package contained a postinstall hook -- a script that runs automatically during npm install -- which downloaded and executed a platform-specific RAT binary.
The payloads were tailored per OS: a macOS binary dropped into /Library/Caches/, a PowerShell persistence mechanism on Windows, and a Python RAT on Linux. All phoned home to a command-and-control server. The dropper then cleaned up after itself, deleting the malicious script and replacing its package.json with a clean stub to cover its tracks.
Why This Matters for Infrastructure Teams
Axios has over 60 million weekly downloads. If it is in your dependency tree -- and if you run any Node.js services, it almost certainly is -- your build pipeline is a potential execution vector for this kind of attack. This was not a theoretical supply chain vulnerability. It was a live, weaponized compromise with a working RAT.
The bigger concern is how easy this was. One compromised maintainer account. One postinstall hook. Three hours of exposure. That is the entire attack surface.
What You Should Do
First, check whether you pulled the affected versions. If axios@1.14.1 or axios@0.30.4 exist anywhere in your node_modules or lockfiles, downgrade immediately to 1.14.0 or 0.30.3. Remove any plain-crypto-js directory. Check for the RAT artifacts: /Library/Caches/com.apple.act.mond on macOS, /tmp/ld.py on Linux, %PROGRAMDATA%\wt.exe on Windows. If any of those exist, assume full compromise and rotate every secret on that machine.
Second, harden your build pipeline going forward:
- Pin your dependencies. Use exact versions in your lockfile and review any version bumps before merging.
- Run
npm install --ignore-scriptsin CI/CD. Postinstall hooks are the primary execution vector for NPM supply chain attacks. Disable them in automated builds and only allow them where explicitly needed. - Use a private registry or proxy. Tools like Verdaccio, Artifactory, or even a simple caching proxy give you a checkpoint between the public registry and your build servers.
- Monitor for anomalous network connections. StepSecurity's Harden-Runner caught this because it flagged unexpected outbound connections during GitHub Actions runs. If your CI/CD does not have network monitoring, you are flying blind.
- Enable two-factor authentication on every NPM account in your org. This attack started with a hijacked account. MFA does not make it impossible, but it raises the bar significantly.
The Takeaway
Supply chain attacks on package registries are not new, but they are getting more sophisticated. The Axios compromise used anti-forensics to hide its tracks, platform-specific payloads for maximum coverage, and targeted one of the most trusted packages in the ecosystem. The three-hour window was small, but automated pipelines that run on every commit can pull a compromised dependency within minutes of publication.
The lesson is not to stop using open source dependencies. The lesson is to treat your dependency pipeline with the same rigor you apply to your production network. Pin versions. Audit changes. Monitor your builds. The supply chain is part of your attack surface whether you acknowledge it or not.