Your team reviews the code. You run the tests. The CI pipeline is green. And still, a package 100 million developers trust each week installs a Remote Access Trojan on every machine that runs npm install. That is what happened with Axios in March 2026 — and it is a warning that most engineering teams and CTOs are not yet equipped to act on.
Inspired by this article. The perspective and analysis below are original.
Axios is a promise-based HTTP client used across virtually every category of modern JavaScript application — web apps built with React, Vue, or Angular; desktop apps built on Electron; mobile apps using React Native; SaaS admin panels; CI/CD tooling. It sits in the dependency graph without calling attention to itself. That invisibility is exactly what attackers exploit.
In late March 2026, an attacker used compromised credentials belonging to a lead maintainer of the project to publish two poisoned packages to npm: axios@1.14.1 and axios@0.30.4. Neither version appears in the official Axios GitHub tag list. Any automated check comparing published npm versions against repository tags would have caught the discrepancy — but most pipelines do not run that check.
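The tag-versus-registry check described above, as an added example that is not code from the Axios project or the original article. It assumes the two inputs a pipeline would normally obtain with `npm view <pkg> versions --json` and `git ls-remote --tags <repo-url>`; both are supplied here as constructed sample data so it runs offline, and the "clean" versions 0.30.3 and 1.14.0 are made up for the sample.

```javascript
// Added example, not code from the Axios project: flag published npm versions
// that have no matching tag in the repository. In a pipeline the two inputs
// come from
//   npm view axios versions --json     (JSON array of published versions)
//   git ls-remote --tags <repo-url>    ("<sha>\trefs/tags/<tag>" per line)
// Both inputs below are constructed sample data so the check runs offline.

// Turn `git ls-remote --tags` output into a Set of bare version strings.
// A leading "v" is dropped and the peeled "^{}" lines that annotated tags
// produce are skipped, so each tag is counted once.
function tagsFromLsRemote(lsRemoteOutput) {
  const tagged = new Set();
  for (const line of lsRemoteOutput.split('\n')) {
    const m = line.match(/\trefs\/tags\/v?([^\s^]+)$/);
    if (m) tagged.add(m[1]);
  }
  return tagged;
}

// Return every published version the repository never tagged, in the order
// npm lists them. A non-empty result means a release reached the registry
// without going through the project's normal tagging process.
function untaggedVersions(publishedJson, lsRemoteOutput) {
  const published = JSON.parse(publishedJson);
  const tagged = tagsFromLsRemote(lsRemoteOutput);
  return published.filter((v) => !tagged.has(v));
}

// Constructed sample: the two poisoned versions named in the article are
// published but absent from the tag list; 0.30.3 and 1.14.0 are made-up
// "normal" releases included only to show a clean match.
const SAMPLE_PUBLISHED = JSON.stringify(['0.30.3', '0.30.4', '1.14.0', '1.14.1']);
const SAMPLE_LS_REMOTE = [
  '1111111111111111111111111111111111111111\trefs/tags/v0.30.3',
  '1111111111111111111111111111111111111111\trefs/tags/v0.30.3^{}',
  '2222222222222222222222222222222222222222\trefs/tags/v1.14.0',
  '2222222222222222222222222222222222222222\trefs/tags/v1.14.0^{}',
].join('\n');

// Runs the check over the constructed sample; returns ['0.30.4', '1.14.1'].
function sampleUntagged() {
  return untaggedVersions(SAMPLE_PUBLISHED, SAMPLE_LS_REMOTE);
}

const suspect = sampleUntagged();
console.log(suspect.length === 0
  ? 'all published versions match a repository tag'
  : `untagged npm versions: ${suspect.join(', ')}`);
```

In a real pipeline the check belongs in the job that bumps or installs dependencies: fail the build when `untaggedVersions` returns anything, and keep the tag list fetched from the canonical repository URL rather than from a fork, since the comparison is only as trustworthy as the tag source.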
Both malicious versions injected a new dependency — plain-crypto-js@4.2.1 — that appears nowhere in the legitimate Axios source code. When installed with npm scripts enabled, a postinstall hook triggered node setup.js, which downloaded an obfuscated dropper. That dropper then retrieved a platform-specific Remote Access Trojan payload targeting macOS, Windows, or Linux.
The detail that should concern every DevOps team is this: the malware dropper cleaned up after itself. After execution, any inspection of the installed package directory shows a completely clean manifest. No postinstall script. No setup.js. No suspicious field in package.json. Running npm audit or manually reviewing installed files reveals nothing.
The absence of evidence is not evidence of absence. Standard npm security tooling is blind to this class of attack once the dropper has run.
The indicators of compromise you can actually search for are:
If your network egress logs show any connection to that domain or IP address during a build window, treat it as confirmed compromise regardless of what the package directory shows.
The infection path is the install or build step — not application runtime. End users loading a web app in a browser are not directly exposed. The target is the developer environment and, more critically, the CI/CD pipeline.
Any workflow that installed an affected version with npm scripts enabled may have exposed every secret accessible in that environment at install time. That includes:
If there is any possibility your team or pipeline ran one of the affected versions, treat those environments as fully compromised. Rotate every secret that was accessible during the install. An attacker with repository access or signing keys can backdoor future releases — or pivot directly toward your users and backend systems.
This attack succeeded because the attacker compromised the credentials of a trusted maintainer. Everything else — the poisoned packages, the RAT payload, the self-cleaning dropper — is operational execution of a plan made possible by one stolen credential.
For engineering leaders who publish packages or operate internal registries, this is a direct lesson. Maintainer accounts for any npm package — internal or external — should enforce multi-factor authentication. Publish tokens should be scoped to the minimum required permission, rotated on a schedule, and never stored in plain text as CI environment variables visible to all pipeline jobs.
Open-source trust is not a property of a package. It is a property of the processes and credential management practices that protect every person authorised to publish to it. When one account is compromised, the trust extended to the package by 100 million weekly downloads becomes the attack vector.
The Axios incident is not a reason to stop using open-source packages. It is a reason to manage dependency trust actively rather than assume it. These are the concrete steps that address the specific attack pattern:
- Lock file enforcement: commit package-lock.json or yarn.lock and use npm ci in pipelines. Never allow npm install to resolve to a version not pinned in the lock file. Treat lock file changes as requiring explicit review in pull requests.
- Transitive dependency auditing: npm ls and dependency diff reporting in CI can surface new transitive additions automatically for review.
- Script isolation: use --ignore-scripts for production dependency installs where feasible, or run postinstall hooks in isolated environments with no access to secrets. Postinstall scripts that have not been explicitly reviewed and approved should not execute with access to cloud credentials.

Supply chain attacks against npm are not theoretical scenarios. They are operational. The Axios incident follows a pattern seen in dozens of similar attacks over the past several years — the specific novelty is the scale of the target package and the sophistication of the post-install cleanup.
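The lock file review and transitive dependency diff from the list above, as an added example that is not code from the Axios project or the original article. It diffs two package-lock.json documents (lockfileVersion 2 or 3, which list every installed package under "packages" keyed by its node_modules path) and relies on the real npm lock field hasInstallScript, which npm sets to true for packages declaring preinstall, install or postinstall scripts. The two lock files are constructed samples, with 1.14.0 as a made-up prior version and real lock entries also carrying resolved and integrity fields that are omitted here for brevity.

```javascript
// Added example, not code from the Axios project: report what a pull request
// added to package-lock.json and single out new packages that would run an
// install script during npm ci. Both lock files below are constructed.

// Map each node_modules path in the lock file to its name, version and
// whether npm recorded an install script for it.
function lockPackages(lockJson) {
  const lock = JSON.parse(lockJson);
  const entries = new Map();
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === '') continue; // "" is the root project itself, not a dependency
    const prefix = 'node_modules/';
    const name = path.slice(path.lastIndexOf(prefix) + prefix.length);
    entries.set(path, {
      name,
      version: entry.version,
      hasInstallScript: entry.hasInstallScript === true,
    });
  }
  return entries;
}

// Packages that are new, or changed version, between the two lock files.
function lockChanges(oldLockJson, newLockJson) {
  const before = lockPackages(oldLockJson);
  const after = lockPackages(newLockJson);
  const changes = [];
  for (const [path, info] of after) {
    const prev = before.get(path);
    if (!prev) {
      changes.push({ ...info, change: 'added' });
    } else if (prev.version !== info.version) {
      changes.push({ ...info, change: `${prev.version} -> ${info.version}` });
    }
  }
  return changes;
}

// The subset that would execute code at install time. These are the entries
// a reviewer must approve explicitly before the lock file change is merged.
function newInstallScripts(oldLockJson, newLockJson) {
  return lockChanges(oldLockJson, newLockJson).filter((c) => c.hasInstallScript);
}

// Constructed samples: the base branch has axios at a made-up 1.14.0; the
// pull request bumps it to the poisoned 1.14.1, which pulls in
// plain-crypto-js 4.2.1 carrying an install script, as the article describes.
const LOCK_BEFORE = JSON.stringify({
  name: 'example-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', dependencies: { axios: '^1.14.0' } },
    'node_modules/axios': { version: '1.14.0' },
  },
});
const LOCK_AFTER = JSON.stringify({
  name: 'example-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', dependencies: { axios: '^1.14.0' } },
    'node_modules/axios': { version: '1.14.1', dependencies: { 'plain-crypto-js': '4.2.1' } },
    'node_modules/plain-crypto-js': { version: '4.2.1', hasInstallScript: true },
  },
});

for (const c of lockChanges(LOCK_BEFORE, LOCK_AFTER)) {
  const flag = c.hasInstallScript ? '  [runs install script]' : '';
  console.log(`${c.change.padEnd(16)} ${c.name}@${c.version}${flag}`);
}
```

In CI, feed `lockChanges` the base branch's lock file (for example from `git show origin/main:package-lock.json`) and the pull request's, post the result as a review comment, and fail the job when `newInstallScripts` returns anything not on an approved list. The lock file lives in the repository, so this diff still shows plain-crypto-js and its install script after the dropper has wiped its traces from node_modules; it is the record the self-cleaning attack cannot erase. For production installs, pair the review with `npm ci --ignore-scripts` (or `ignore-scripts=true` in the project's .npmrc) so that an unreviewed hook cannot run with the build's credentials at all.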
The question for engineering leadership is not whether this class of attack is real. It demonstrably is. The question is whether your current dependency management practices, CI configuration, and secret handling would contain the damage if a package your team trusts today becomes the attack vector tomorrow.
For most organisations, the honest answer is: probably not fully. The mitigations are not exotic — they are engineering discipline applied systematically to the dependency lifecycle. Start with lock file enforcement, transitive dependency auditing, and secret isolation in build environments. Build the monitoring and alerting around it. Make it part of how releases are reviewed, not an afterthought.
Excellence Consulting works with software engineering teams and technology leadership to assess and strengthen software supply chain security practices — from dependency governance to CI/CD pipeline hardening. If the Axios incident raises questions about your current posture, we are glad to work through what a practical assessment looks like for your environment.