The popular Axios npm package was compromised in a supply chain attack on March 31, 2026. Malicious versions (axios@1.14.1 and axios@0.30.4) were published from a hijacked maintainer account and remained on the registry for roughly 3 hours. They differed from the clean releases only by adding a new dependency, plain-crypto-js@4.2.1, whose postinstall script acted as a cross-platform remote access trojan (RAT): it contacted a C2 server and deployed payloads on macOS, Windows, and Linux. The attack was pre-staged a day earlier with a decoy package so that the dependency would look legitimate.

Recommendations: pin the last clean versions (axios@1.14.0 or axios@0.30.3); rotate every credential present in an environment that installed an affected version, since the postinstall script ran with that environment's access; clear CI/CD caches and regenerate lockfiles so the malicious dependency is not reinstalled from cache; enforce a 72-hour quarantine before adopting new npm package versions; and run installs with --ignore-scripts in build pipelines so a postinstall hook cannot execute during the build.
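The following is an added example, not code from the Axios project or from the advisory's author: a small Node.js script that scans an npm lockfile for the versions named above and prints the matching remediation. The lockfile it scans is a constructed sample embedded in the script; the rule that flags any plain-crypto-js found under an axios subtree is a heuristic assumption (axios does not legitimately pull in that package), not a statement from the advisory.

```javascript
'use strict';

// Versions the advisory names as malicious, and the clean versions to pin instead.
const MALICIOUS = {
  axios: new Set(['1.14.1', '0.30.4']),
  'plain-crypto-js': new Set(['4.2.1']),
};
const SAFE_AXIOS = { 1: '1.14.0', 0: '0.30.3' };

// Yield {path, name, version} for every installed package in the lockfile.
// lockfileVersion 2/3 lists packages under "packages" keyed by node_modules path;
// lockfileVersion 1 nests them under "dependencies". Version 2 files carry both,
// so the v1 tree is only walked when "packages" is absent.
function* installedPackages(lock) {
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === '') continue; // the root project entry, not a dependency
      const marker = 'node_modules/';
      const name = path.slice(path.lastIndexOf(marker) + marker.length); // handles @scope/name too
      yield { path, name, version: meta.version };
    }
    return;
  }
  function* walk(deps, prefix) {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      yield { path, name, version: meta.version };
      yield* walk(meta.dependencies, path + '/');
    }
  }
  yield* walk(lock.dependencies, '');
}

// Return every package that matches an advisory version, plus (heuristic,
// assumption) any plain-crypto-js at all, since it should never appear in an
// axios dependency tree.
function findCompromised(lock) {
  const hits = [];
  for (const pkg of installedPackages(lock)) {
    const bad = MALICIOUS[pkg.name];
    if (bad && bad.has(pkg.version)) {
      hits.push({ ...pkg, reason: 'version named in advisory' });
    } else if (pkg.name === 'plain-crypto-js') {
      hits.push({ ...pkg, reason: 'unexpected dependency, review manually' });
    }
  }
  return hits;
}

// Map a hit to the fix the advisory recommends.
function remediation(hit) {
  if (hit.name === 'axios') {
    const safe = SAFE_AXIOS[hit.version.split('.')[0]];
    return `pin axios@${safe} (npm install axios@${safe}), regenerate the lockfile, then npm ci --ignore-scripts`;
  }
  return `remove ${hit.name}@${hit.version}, regenerate the lockfile, and rotate credentials on every host that ran its postinstall`;
}

// Constructed sample lockfile (lockfileVersion 3): compromised axios with the
// bundled plain-crypto-js, plus one unrelated clean package.
const SAMPLE_LOCK = {
  name: 'demo-app',
  lockfileVersion: 3,
  requires: true,
  packages: {
    '': { name: 'demo-app', dependencies: { axios: '^1.14.0', lodash: '^4.17.21' } },
    'node_modules/axios': { version: '1.14.1', dependencies: { 'plain-crypto-js': '4.2.1' } },
    'node_modules/axios/node_modules/plain-crypto-js': { version: '4.2.1', hasInstallScript: true },
    'node_modules/lodash': { version: '4.17.21' },
  },
};

// Run directly: node scan-lock.js (replace SAMPLE_LOCK with your parsed package-lock.json).
if (typeof require !== 'undefined' && require.main === module) {
  for (const hit of findCompromised(SAMPLE_LOCK)) {
    console.log(`${hit.path}: ${hit.name}@${hit.version} - ${hit.reason}`);
    console.log(`  -> ${remediation(hit)}`);
  }
}
```

To scan a real project, replace `SAMPLE_LOCK` with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))`. The two install-time controls the advisory recommends are plain npm options: `npm ci --ignore-scripts` (or `ignore-scripts=true` in `.npmrc`) blocks postinstall hooks such as the one in plain-crypto-js, and `npm install --before="<ISO timestamp 72 hours ago>"` refuses any version published after that date, which is one way to apply the 72-hour quarantine.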