Axios npm Hit by Active Supply Chain Attack

Attackers hijacked an axios maintainer account to push malware-laced versions to npm. Here's what happened and how to check it.

Dateline: March 31, 2026

Someone Hijacked an Axios Maintainer Account and 100M Weekly Downloads Are Paying the Price

One of the most downloaded packages in the JavaScript world just became a delivery vehicle for malware. If you ran npm install in the last 24 hours and your project uses axios, stop and read this now.

What Happened?

On March 30, 2026, two malicious versions of the axios HTTP client, axios@1.14.1 and axios@0.30.4, were published to the npm registry using compromised credentials belonging to a lead axios maintainer.

This was not a lookalike package. The attacker changed the maintainer’s account email to an anonymous ProtonMail address and manually published the poisoned packages via the npm CLI, bypassing the project’s normal GitHub Actions CI/CD pipeline. Both releases appeared completely legitimate to the average developer.

The malicious versions introduced a new dependency, plain-crypto-js, a package that did not exist prior to March 30. Any project using a caret range (^1.14.0 or ^0.30.0) would automatically pull in the compromised version on its next npm install.

Socket’s automated malware detection flagged the package within six minutes of publication.

The Impact

plain-crypto-js acts as a cross-platform remote access trojan (RAT) dropper, targeting macOS, Windows, and Linux. Its mechanics were built to avoid detection at every step.

The malware decodes its payload only at runtime to bypass static security scans, dynamically loads sensitive Node.js modules such as fs and os along with the child_process execSync function, and executes shell commands directly on the host machine. It stages payload files into OS temp folders and Windows ProgramData directories, then deletes its own footprint post-execution to hinder forensic investigation.

The malware calls home to sfrclak.com and exfiltrates environment variables, meaning AWS keys, database passwords, and API tokens sitting in .env files were all at risk.

The blast radius here is unusually wide. Axios sees over 100 million weekly downloads, making any compromise a significant risk to a huge number of projects. Developers who didn’t even directly update axios could still be affected if a dependency they updated used a loose version range that resolved to the malicious release.

Socket also found two other packages tied to the same campaign: @shadanai/openclaw buried its malware in a vendored path where scanners don’t typically look, and @qqbrowser/openclaw-qbot shipped with a pre-populated node_modules folder containing the malicious axios code already inside, requiring no registry fetch.

How to Check and What to Do

First, run npm list axios in your project. If you see version 1.14.1 or 0.30.4, you’re affected.

Downgrade to the last known safe versions: axios@1.14.0 for 1.x users, or the last 0.x release published before 0.30.4 for 0.x users. If a system was exposed, rotate all secrets, API keys, and credentials stored on or accessed by that machine, and check network logs for any outbound connections to the known C2 domain sfrclak.com.

Pin to "axios": "1.14.0" using --save-exact, delete node_modules and your lockfile, run npm cache clean --force, then reinstall clean.

Even after cleanup, the presence of a node_modules/plain-crypto-js/ directory is sufficient evidence of compromise. If you find it, the dropper ran.

The axios codebase itself is untouched. This was a distribution-level attack, not a flaw in the library’s code. The trust here was in the registry and the maintainer account — and both were exploited.

What to Do Next

To mitigate the risks of such sophisticated supply chain compromises, organizations are turning to Secure.com as a proactive defense layer. Its AI-native platform acts as an always-on Digital Security Teammate, providing 100% agentless visibility across your entire environment to instantly identify where poisoned packages like axios@1.14.1 are hiding in your stack.

Beyond simple discovery, Secure.com’s automated response workflows can immediately flag high-risk access patterns and help lean security teams rotate compromised credentials in minutes, effectively neutralizing the “Headcount Gap” that attackers exploit during fast-moving incidents.