One of the most operationally sophisticated supply chain attacks ever documented against a top-10 npm package.
On March 30, 2026, StepSecurity identified two malicious versions of axios (the most popular JavaScript HTTP client with 100M+ weekly downloads): axios@1.14.1 and axios@0.30.4. The malicious versions inject a new dependency, plain-crypto-js@4.2.1, which is never imported anywhere in the axios source code. Its sole purpose is to execute a postinstall script that acts as a cross-platform RAT dropper.
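The report's first two indicators are structural and can be checked before any payload runs: a dependency that the package declares but never imports, and a dependency that defines a lifecycle install hook. The script below is an added example (not code from axios, plain-crypto-js or the StepSecurity report) that flags both conditions over constructed inputs; every package name, file path, version and script command in it is made up for the example.

```javascript
// Added example, not code from axios or from the StepSecurity report.
// Flags dependencies a package declares in package.json but never imports,
// and installed dependencies that carry lifecycle install scripts.
// Every package name, file, version and command below is constructed.

// Constructed package.json of the package under review.
const declaredPackage = {
  name: "example-http-client",
  version: "1.14.1",
  dependencies: {
    "example-redirects": "^1.15.0",
    "example-form-data": "^4.0.0",
    "@example/proxy-env": "^1.1.0",
    "example-phantom-dep": "4.2.1", // declared, but no source file imports it
  },
};

// Constructed source files keyed by path: what the package really imports.
const sourceFiles = {
  "lib/adapters/http.js": `
    const redirects = require('example-redirects');
    const FormData = require("example-form-data");
  `,
  "lib/helpers/proxy.js": `import proxyFromEnv from '@example/proxy-env/lib/index.js';`,
};

// Constructed package.json contents as found under node_modules/<name>/.
const installedManifests = {
  "example-redirects": { version: "1.15.6" },
  "example-phantom-dep": {
    version: "4.2.1",
    scripts: { postinstall: "node ./placeholder-install-hook.js" }, // placeholder command
  },
};

const LIFECYCLE_SCRIPTS = ["preinstall", "install", "postinstall", "prepare"];

// Map an import specifier to its package name: 'pkg/sub' -> 'pkg',
// '@scope/pkg/sub' -> '@scope/pkg'. Relative and absolute paths are not packages.
function packageNameOf(specifier) {
  if (specifier.startsWith(".") || specifier.startsWith("/")) return null;
  const parts = specifier.split("/");
  return specifier.startsWith("@") ? parts.slice(0, 2).join("/") : parts[0];
}

// Every package referenced by require(), a static import, or a side-effect import.
function importedPackages(files) {
  const pattern = /(?:require\(\s*|from\s+|import\s+)['"]([^'"]+)['"]/g;
  const found = new Set();
  for (const src of Object.values(files)) {
    for (const match of src.matchAll(pattern)) {
      const name = packageNameOf(match[1]);
      if (name) found.add(name);
    }
  }
  return found;
}

// Declared dependencies that no source file imports.
function phantomDependencies(pkg, files) {
  const used = importedPackages(files);
  return Object.keys(pkg.dependencies || {}).filter((dep) => !used.has(dep)).sort();
}

// Installed dependencies that run code at install time, with the hooks they define.
function dependenciesWithInstallScripts(manifests) {
  return Object.entries(manifests)
    .filter(([, manifest]) => manifest.scripts && LIFECYCLE_SCRIPTS.some((hook) => hook in manifest.scripts))
    .map(([name, manifest]) => ({
      name,
      version: manifest.version,
      hooks: LIFECYCLE_SCRIPTS.filter((hook) => hook in manifest.scripts),
    }));
}

// Highest-priority finding: a dependency that is never imported yet runs an install hook.
function unusedDependenciesWithInstallScripts(pkg, files, manifests) {
  const phantoms = new Set(phantomDependencies(pkg, files));
  return dependenciesWithInstallScripts(manifests).filter((dep) => phantoms.has(dep.name));
}

// Stand-alone run: print the findings as JSON.
console.log(JSON.stringify({
  phantom: phantomDependencies(declaredPackage, sourceFiles),
  installScripts: dependenciesWithInstallScripts(installedManifests),
  suspicious: unusedDependenciesWithInstallScripts(declaredPackage, sourceFiles, installedManifests),
}, null, 2));
```

The regex-based import scan is deliberately simple (it does not follow dynamic `import()` with computed paths), so treat its output as a review queue rather than a verdict. Installing with `npm ci --ignore-scripts` in CI removes the postinstall execution path entirely while a flagged dependency is being reviewed.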
Attack Timeline:
| Time (UTC) | Event |
|---|---|
| Mar 30 05:57 | plain-crypto-js@4.2.0 published (clean decoy) |
| Mar 30 23:59 | plain-crypto-js@4.2.1 published (malicious payload) |
| Mar 31 00:21 | axios@1.14.1 published (compromised maintainer account) |
| Mar 31 01:00 | axios@0.30.4 published (39 min later) |
| Mar 31 ~03:15 | npm unpublishes both malicious versions |
Critical Detection Signal: Legitimate axios 1.x releases are published via GitHub Actions with npm's OIDC Trusted Publisher, so each release is cryptographically tied to a verified workflow. The malicious axios@1.14.1 breaks that pattern entirely: it was published manually with a stolen npm token, with no OIDC binding and no gitHead.
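This signal can be turned into an automated check: walk a package's registry metadata in publish order and flag any release that drops the provenance attestation or gitHead that earlier releases carried. The code below is an added example (not code from axios, npm or the StepSecurity report). The packument excerpt is constructed; its field layout follows the registry's per-version metadata (`dist.attestations`, `gitHead`, `time`), but the package name, dates, commit ids and URLs are made up.

```javascript
// Added example, not code from axios, npm, or the StepSecurity report.
// Walks registry metadata in publish order and flags releases that regress from
// the provenance pattern earlier releases established. The packument is constructed;
// only the field names (dist.attestations, gitHead, time) follow the registry format.

const packument = {
  name: "example-http-client",
  "dist-tags": { latest: "1.14.1" },
  time: {
    "1.13.0": "2026-02-01T10:00:00.000Z",
    "1.14.0": "2026-03-01T10:00:00.000Z",
    "1.14.1": "2026-03-31T00:21:00.000Z",
  },
  versions: {
    "1.13.0": {
      gitHead: "1111111111111111111111111111111111111111", // placeholder commit id
      dist: {
        attestations: {
          url: "https://registry.npmjs.org/-/npm/v1/attestations/example-http-client@1.13.0",
          provenance: { predicateType: "https://slsa.dev/provenance/v1" },
        },
      },
    },
    "1.14.0": {
      gitHead: "2222222222222222222222222222222222222222", // placeholder commit id
      dist: {
        attestations: {
          url: "https://registry.npmjs.org/-/npm/v1/attestations/example-http-client@1.14.0",
          provenance: { predicateType: "https://slsa.dev/provenance/v1" },
        },
      },
    },
    // Constructed token-based publish: no workflow binding and no commit recorded.
    "1.14.1": { dist: {} },
  },
};

// A release carries provenance when the registry stored a provenance attestation for it.
function hasProvenance(meta) {
  return Boolean(meta.dist && meta.dist.attestations && meta.dist.attestations.provenance);
}

// gitHead is recorded when the publish ran from a git checkout.
function hasGitHead(meta) {
  return typeof meta.gitHead === "string" && meta.gitHead.length > 0;
}

// Versions ordered by publish time from the packument's time map.
function versionsInPublishOrder(p) {
  return Object.keys(p.versions).sort((a, b) => Date.parse(p.time[a]) - Date.parse(p.time[b]));
}

// Releases that drop provenance or gitHead after earlier releases had them.
function provenanceRegressions(p) {
  const findings = [];
  let priorProvenance = false;
  let priorGitHead = false;
  for (const version of versionsInPublishOrder(p)) {
    const meta = p.versions[version];
    const reasons = [];
    if (priorProvenance && !hasProvenance(meta)) reasons.push("no provenance attestation, earlier releases had one");
    if (priorGitHead && !hasGitHead(meta)) reasons.push("no gitHead, earlier releases had one");
    if (reasons.length > 0) {
      findings.push({
        version,
        published: p.time[version],
        isLatest: p["dist-tags"].latest === version,
        reasons,
      });
    }
    priorProvenance = priorProvenance || hasProvenance(meta);
    priorGitHead = priorGitHead || hasGitHead(meta);
  }
  return findings;
}

// Stand-alone run: print the regressions as JSON.
console.log(JSON.stringify(provenanceRegressions(packument), null, 2));
```

Against the live registry the same two fields are visible with `npm view <package>@<version> dist.attestations gitHead`; a release whose neighbours carry an attestation and a commit id while it carries neither deserves a hold before it is promoted into a lockfile.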
Anti-Forensics: After execution, the dropper deletes itself and renames package.md to package.json. The replacement manifest reports version 4.2.0 rather than 4.2.1, so npm list shows an apparently "clean" version.
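Because `npm list` reads the package.json sitting in node_modules, a swapped manifest fools it; the lockfile, written at resolution time, is the more trustworthy record. The script below is an added example (not code from npm or the StepSecurity report) that cross-checks each installed manifest's version against what package-lock.json resolved. Both inputs are constructed: the lockfile follows the lockfileVersion 3 layout (a `packages` map keyed by node_modules path), and all package names, versions and URLs are made up.

```javascript
// Added example, not code from npm or from the StepSecurity report.
// Cross-checks the version each installed package.json reports against the
// version package-lock.json resolved for that path. Inputs are constructed;
// the lockfile shape follows lockfileVersion 3, names and versions are made up.

const lockfile = {
  name: "example-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/example-http-client": {
      version: "1.14.1",
      resolved: "https://registry.npmjs.org/example-http-client/-/example-http-client-1.14.1.tgz",
    },
    "node_modules/example-crypto-dep": {
      version: "4.2.1",
      resolved: "https://registry.npmjs.org/example-crypto-dep/-/example-crypto-dep-4.2.1.tgz",
    },
  },
};

// Constructed snapshot of node_modules after install: the parsed package.json at
// each package root. example-crypto-dep's manifest claims 4.2.0 although the
// lockfile resolved 4.2.1, mirroring the renamed-manifest trick described above.
const installedTree = {
  "node_modules/example-http-client": { manifest: { name: "example-http-client", version: "1.14.1" } },
  "node_modules/example-crypto-dep": { manifest: { name: "example-crypto-dep", version: "4.2.0" } },
};

// Packages whose on-disk manifest disagrees with the lockfile, or are missing entirely.
function lockfileMismatches(lock, tree) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages)) {
    if (path === "" || entry.link) continue; // skip the root project and workspace links
    const onDisk = tree[path];
    if (!onDisk) {
      findings.push({ path, issue: "in lockfile but absent from node_modules" });
      continue;
    }
    if (onDisk.manifest.version !== entry.version) {
      findings.push({
        path,
        issue: "version mismatch",
        lockfile: entry.version,
        manifest: onDisk.manifest.version,
      });
    }
  }
  return findings;
}

// What `npm list` would report for each path: the on-disk manifest version.
function reportedVersions(tree) {
  const out = {};
  for (const [path, pkg] of Object.entries(tree)) out[path] = pkg.manifest.version;
  return out;
}

// Stand-alone run: show what the tree claims next to what the lockfile says.
console.log(JSON.stringify({
  reported: reportedVersions(installedTree),
  mismatches: lockfileMismatches(lockfile, installedTree),
}, null, 2));
```

In a real tree the same comparison is `npm ls --json` (which trusts the installed manifests) against package-lock.json; when they disagree, the lockfile's `resolved` and `integrity` fields identify the tarball that was actually fetched, which is the artifact to pull for analysis.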