Supply chain attack on Axios npm package: Scope, impact, and remediations
2026-03-31 18:20 Source: www.tenable.com

The Axios npm package has been compromised in a supply chain attack that uploaded new versions of the package containing malicious code. Any environment that downloaded these compromised Axios versions is at risk of severe data theft, including the loss of credentials and API keys. Scan your environment now. 

Key takeaways

1. This incident is a confirmed supply chain attack. The presence of malicious Axios versions (1.14.1 or 0.30.4) signifies a confirmed security breach rather than a potential risk. Organizations must move beyond “patching” and initiate full incident response playbooks for any host where these packages are detected.

2. If affected, organizations must immediately quarantine hosts, apply incident response playbooks, and rotate all exposed secrets. In the last supply chain attacks we observed, attackers were very quick to abuse any exposed secrets, credentials, or API keys, usually abusing them a couple of hours after leakage. This highlights how short the window is for response for defenders.

3. Because these attacks will keep happening, passive defense is insufficient. Organizations must implement strict security measures — such as minimum package age policies, pinning dependencies, auditing lockfiles, and actively scanning environments — to protect against the next inevitable supply chain compromise.

Introduction: Axios supply chain compromise 

A critical software supply chain attack compromised “Axios,” a highly popular npm package with over 100 million weekly downloads, commonly used as a promise-based HTTP client for the browser and Node.js. 

Attackers successfully hijacked a maintainer account and embedded a hidden, malicious dependency into two newly published versions of Axios. The attacker injected a malicious package called “plain-crypto-js” into the dependency tree of the Axios package. The package “plain-crypto-js” utilized a postinstall script to execute a remote access trojan (RAT) dropper during the installation process.

Because the embedded malware executes immediately upon installation of this highly popular npm package, the scope of this breach is potentially massive. Any environment that downloaded these compromised versions of Axios is at risk of severe data theft, including the loss of credentials and API keys.

Frequently asked questions (FAQs) about Axios supply chain attack

When was the Axios npm package first compromised?

The first malicious versions of Axios were uploaded on March 31, 2026 at 1 AM UTC.

What happened? What did threat actors do? 

Attackers hijacked the npm account of Axios’s lead maintainer and published two malicious versions of the Axios package: version “1.14.1” and version “0.30.4”.

Rather than altering Axios’s source code, they added “[email protected]” as a dependency for the Axios package.

Installing “plain-crypto-js” automatically executes a double-obfuscated Node.js dropper (setup.js) using npm’s postinstall lifecycle hook. “postinstall” hooks can be used to execute code during the installation process. This is a very common technique used by malicious npm packages that we expect to see more and more in the future.

Once deobfuscated, the dropper identified the victim’s host operating system and reached out to the attacker’s command and control (C2) server (sfrclak[.]com:8000) to pull a second-stage payload.

The second-stage payload is a RAT tailored to the victim’s OS, with variants for macOS, Windows, and Linux.

Has the Axios developer addressed this issue?

All of the malicious versions of Axios have been removed from the public registry. It is now safe to install new versions of Axios.

How can I tell if I’m running malicious versions of Axios? 

To determine if you are affected, scan your environment for the presence of the malicious versions of the affected packages. Look specifically for Axios versions 1.14.1 and 0.30.4 and for these other indicators of compromise (IOCs):

Name                                             IOC
Infected package                                 Name: “Axios”, Version: “1.14.1”
Infected package                                 Name: “Axios”, Version: “0.30.4”
Infected package                                 Name: “plain-crypto-js”, Version: all
SHA256 of JavaScript dropper named “setup.js”    e10b1fa84f1d6481625f741b69892780140d4e0e7769e7491e5f4d894c2e0e09
Attacker C2 domain                               sfrclak[.]com

The presence of the malicious versions on the filesystem most likely means they were installed with the npm package manager, and therefore that the postinstall hook ran and infected the host.

That’s why you should treat any system where you find malicious versions of Axios as fully compromised and immediately implement relevant incident response and containment playbooks.


How can Tenable help me address the supply chain attack on the Axios npm package? 

Tenable One continuously, automatically, and proactively detects the malicious versions of Axios across both on-premises and cloud environments.

Tenable Nessus and Tenable Cloud Security, both part of the Tenable One Exposure Management platform, continuously monitor for new indicators of compromise (IOCs) and track research associated with this evolving campaign.

A list of Tenable plugins to identify the malicious package will appear here as soon as they're released. 

Tenable Cloud Security classifies affected packages as malicious. Detected packages will appear in your Tenable console environment the next time data is synced.

Conclusion

This security incident affecting the Axios npm package is a critical reminder that massive software supply chain attacks remain a recurring threat. Threat actors continuously exploit the trust in open source ecosystems to get around organizations’ traditional, perimeter-based security controls and deliver malicious software at scale.

Ron Popov

Senior Security Researcher, Tenable

Ron Popov is a Senior Security Researcher at Tenable Research with over 7 years of experience, including deep knowledge of network security and on-prem networks. Currently, he focuses on researching and securing cloud environments in various fields, including identity security, vulnerability management, supply chain attacks and much more.


Source: https://www.tenable.com/blog/supply-chain-attack-on-axios-npm-package-scope-impact-and-remediations