Axios npm Supply Chain Compromise

Prepared by: Adam Skupien, Vulnerability Security Analyst | Published: Wed 02 April 2026

Executive Summary

Axios, a widely used JavaScript HTTP client library, was impacted by a software supply chain compromise. Malicious versions axios@1.14.1 and axios@0.30.4 were published through a compromised maintainer account and introduced a malicious dependency that deployed cross-platform malware.

Organisations using Axios should urgently determine whether the affected versions were installed, pin or roll back to known-good versions, and investigate any impacted systems as potentially compromised. 

What Happened

Attackers gained access to a maintainer account and published malicious Axios releases to npm. The affected versions, published on 31 March 2026 (AEST), were axios@1.14.1 and axios@0.30.4. Public reporting states they introduced the hidden dependency plain-crypto-js@4.2.1, which delivered a cross-platform remote access trojan targeting Windows, macOS and Linux.

This was not a vulnerability in Axios’ application code. The threat came from trusted package releases being tampered with and distributed through normal npm installation workflows. Public reporting also indicates the malicious dependency used an install-time postinstall mechanism to contact attacker-controlled infrastructure and retrieve a platform-specific second-stage payload.

Why This Matters to Your Organisation

If your organisation installed axios@1.14.1 or axios@0.30.4, the risk extends beyond using a bad library version. Public advisories state the malicious releases introduced plain-crypto-js@4.2.1, which could execute attacker-controlled code and deploy cross-platform malware on Windows, macOS and Linux.

For Axios users, this creates potential exposure across developer workstations, build servers and CI/CD pipelines, particularly where those systems hold source code, secrets, deployment credentials or access to internal environments. The ACSC has separately warned that attackers are actively targeting code repositories and software packages to access secrets, private code bases and modify packages to infect users.

Who Should Review Their Environments

This bulletin is most relevant to organisations that use Axios in JavaScript or Node.js applications, especially where dependencies are installed on developer workstations, build servers or CI/CD pipelines, or automatically pulled during builds or deployments.

You should review your environment if you:

  • use Axios anywhere in your applications or services
  • maintain CI/CD pipelines that run npm install, npm ci or similar dependency installation steps
  • allow automated dependency updates
  • have developer or build systems with access to source code, secrets, package registries or deployment credentials
  • consume third-party packages from online code repositories as part of normal development or release processes

If any of the above applies, check whether axios@1.14.1 or axios@0.30.4 was installed anywhere in your environment. If those versions were installed, determine whether npm lifecycle scripts were allowed to run at install time, as public reporting indicates the malicious behaviour was delivered through plain-crypto-js@4.2.1 using a postinstall script.

How to Check if You Have Been Affected

Start by checking whether the malicious Axios versions were installed anywhere in your environment. The affected releases were axios@1.14.1 and axios@0.30.4, and they introduced the malicious dependency plain-crypto-js@4.2.1. According to Aikido Security’s guidance, first check for the bad Axios versions, then for plain-crypto-js, and then for platform-specific RAT artefacts.

1. Check for the affected Axios versions

All systems:

npm list axios

macOS / Linux:

npm list axios 2>/dev/null | grep -E "1\.14\.1|0\.30\.4"

grep -A1 '"axios"' package-lock.json | grep -E "1\.14\.1|0\.30\.4"

Windows (PowerShell):

npm list axios

Select-String -Path package-lock.json,yarn.lock,pnpm-lock.yaml -Pattern '1\.14\.1|0\.30\.4'

If you find axios@1.14.1 or axios@0.30.4, treat that system or pipeline as exposed and continue with the checks below.

2. Check for the malicious dependency plain-crypto-js@4.2.1

All systems:

npm list plain-crypto-js

macOS / Linux:

ls node_modules/plain-crypto-js 2>/dev/null && echo "POTENTIALLY AFFECTED"

Windows (Command Prompt):

dir node_modules\plain-crypto-js 2>nul && echo POTENTIALLY AFFECTED

Aikido note that even if the dropper script removed itself, the plain-crypto-js directory may still remain. Its presence is a strong indicator that the malicious dependency was installed and the dropper ran.

3. Check for RAT artefacts on disk

macOS / Linux:

macOS: ls -la /Library/Caches/com.apple.act.mond 2>/dev/null && echo "COMPROMISED"

Linux: ls -la /tmp/ld.py 2>/dev/null && echo "COMPROMISED"

Windows (Command Prompt):

dir "%PROGRAMDATA%\wt.exe" 2>nul && echo COMPROMISED

dir "%PROGRAMDATA%\system.bat" 2>nul

dir "%TEMP%\6202033.vbs" 2>nul

dir "%TEMP%\6202033.ps1" 2>nul

reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v MicrosoftUpdate

Key artefacts include /Library/Caches/com.apple.act.mond, %PROGRAMDATA%\wt.exe and /tmp/ld.py.

Elastic additionally identifies %PROGRAMDATA%\system.bat, %TEMP%\6202033.vbs, %TEMP%\6202033.ps1, the HKCU\Software\Microsoft\Windows\CurrentVersion\Run\MicrosoftUpdate persistence key on Windows, and temporary AppleScript launchers under /tmp/*.scpt on macOS.

4. How to interpret the results

If the affected Axios versions are found, investigate whether they were actually installed on a developer workstation, build server or CI/CD runner. If plain-crypto-js is present, or if any RAT artefact is found, treat the host as compromised. Aikido’s remediation guidance is not to clean in place if RAT artefacts are present, but to isolate the system, rotate credentials exposed to that host, and rebuild it from a known-good baseline.

Immediate Actions Required

  1. Pin or roll back Axios to the known-good versions axios@1.14.0 or axios@0.30.3. These are the last legitimate releases before the compromise.
  2. Remove plain-crypto-js from node_modules and reinstall dependencies from a known-good state. During remediation, use npm install --ignore-scripts where operationally feasible to avoid re-triggering install-time scripts.
  3. If any affected version was installed on a developer workstation, build server or CI/CD runner, treat that system as potentially compromised and investigate it accordingly. Elastic’s analysis shows the malicious Axios releases pulled plain-crypto-js@^4.2.1, whose postinstall hook automatically executed during installation.
  4. If any RAT artefact is found (com.apple.act.mond, wt.exe or ld.py), do not attempt to clean the system in place. Isolate it, rotate credentials accessible from that host, and rebuild it from a known-good baseline.
  5. Rotate any credentials and secrets that were accessible from affected systems, including npm tokens, SSH keys, API keys, CI/CD secrets, cloud credentials and .env values.
  6. Audit CI/CD pipeline logs for any runs that installed the affected versions, and rotate any secrets exposed to those pipelines. As an ongoing precaution, Aikido recommends using npm ci --ignore-scripts as a standing policy in CI/CD where feasible.
  7. Block outbound access to the known command-and-control infrastructure sfrclak[.]com and 142.11.206[.]73, and review network and proxy logs for any connections to that infrastructure.

Indicators of Compromise

Malicious package versions
  • axios@1.14.1

  • axios@0.30.4

  • plain-crypto-js@4.2.1

Network indicators
  • sfrclak[.]com

  • 142.11.206[.]73

  • http://sfrclak[.]com:8000/6202033

macOS artefacts
  • /Library/Caches/com.apple.act.mond

  • Temporary AppleScript launch files under /tmp/ ending in .scpt may also be relevant.

Windows artefacts
  • %PROGRAMDATA%\wt.exe

  • %PROGRAMDATA%\system.bat

  • %TEMP%\6202033.vbs

  • %TEMP%\6202033.ps1

  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run\MicrosoftUpdate

Linux artefacts
  • /tmp/ld.py

  • Hidden payload files under /tmp/.<random> may also be present.

The presence of any of the host artefacts above should be treated as evidence of compromise and handled as an incident.

Broader Security Recommendations

The ACSC has warned that threat actors are actively targeting online code repositories and software packages to extract secrets, access private code bases and modify packages to infect downstream users. The recommendations below are separated between organisations that use third-party npm packages, those that publish npm packages, and those that maintain source-code repositories and release workflows.

For organisations using third-party npm packages
  • Validate third-party packages before installation or update, especially where dependencies are automatically pulled into build or deployment workflows.

  • Maintain visibility of package versions and dependencies across developer environments, build systems and deployed applications so exposure can be identified quickly.

  • Monitor developer and CI/CD environments for suspicious package installation activity, secret exposure and unexpected outbound connections, and review logs for recent package installations and suspicious processes.

  • Rotate secrets quickly where exposure is suspected, including credentials present in repositories or accessible from affected systems.

For npm package publishers and maintainers
  • Enforce multi-factor authentication for npm accounts used to publish or manage packages.

  • Prefer npm trusted publishing over long-lived registry tokens in CI/CD.

  • Use npm provenance and registry signature verification where supported to strengthen confidence in published and downloaded packages.

  • Review npm organisation membership, publisher access and package permissions regularly so only authorised users can publish or manage packages.

For code publishers and repository maintainers
  • Enforce multi-factor authentication for repository accounts and other systems involved in release workflows.

  • Protect release branches with approval gates and status checks.

  • Use repository security features such as secret scanning and access reviews to reduce the risk of leaked credentials and unauthorised changes.

Triskele Labs SOC Response

Triskele Labs is monitoring for activity associated with the malicious Axios releases, including the affected package versions, the plain-crypto-js dependency, known host artefacts and related outbound connections. Where client telemetry is available, our SOC can assist with identifying affected systems and pipelines, reviewing endpoint, build and network telemetry for signs of execution or compromise, and assessing potential credential exposure. Where deeper investigation, incident scoping, containment planning, remediation support or recovery activities are required, this may involve engaging Triskele Labs’ Digital Forensics and Incident Response (DFIR) services.
