A supply chain attack has compromised Axios, the widely used JavaScript HTTP client: unauthorized Axios versions were published to the npm registry carrying a new, malicious dependency. Axios sits in the dependency tree of a large share of frontend and backend applications, with around 83 million weekly downloads, so the blast radius is correspondingly large.
Scope of the Supply Chain Compromise
The compromised Axios versions declare a new dependency, plain-crypto-js, which malware detection systems flagged as malicious. Because Axios is installed so broadly, the potential impact is vast, and affected users need to act immediately.
The malicious versions exist only on npm: they have no matching tags in the GitHub repository, so they bypassed the project's normal release process and were pushed straight to the registry. A version that is on npm but not in the repository's tags is therefore a direct indicator for this compromise.
Details of the Malicious Insertion
At the time of the incident the latest tag visible on GitHub was v1.14.0, so any npm version newer than that has no corresponding source release. The malicious package was published on March 30, 2026 and was live almost immediately, leaving only a short window between publication and detection.
The change to Axios itself was minimal: plain-crypto-js was added to the dependency list and nothing else. This is a common pattern in supply chain attacks, because the payload lives in the new dependency rather than in the package people actually review, so a diff of Axios's own source shows almost nothing while the malicious code is still pulled in and executed on install or at runtime.
Response and Mitigation Measures
Registry metadata attributes the malicious publish to the npm account jasonsaayman, which belongs to an Axios maintainer. An unauthorized release coming from the legitimate publishing identity points to an account takeover or compromised publishing credentials (a stolen password, session or automation token), which would let the attacker publish directly to the axios package.
Security teams should audit their software supply chains for the compromised components: check lockfiles (package-lock.json, yarn.lock, pnpm-lock.yaml) and resolved dependency graphs for any axios version that has no matching GitHub tag and for any occurrence of plain-crypto-js, and review open pull requests, including automated dependency bumps, that would pull such a version in. Where an affected version is found, pin axios back to a known-good release such as 1.14.0, remove plain-crypto-js, and treat any build host or developer machine that installed the affected versions as potentially compromised until the payload's behaviour is understood.
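As an added example (not code from the article or from the Axios project), the following Node.js script implements the two checks described above on constructed inputs: it compares npm-published versions against the repository's git tags to find releases that were never tagged, and it scans a package-lock.json for plain-crypto-js and for any axios entry that resolves to an untagged version. The tag list, npm version list and lockfile below are constructed; the version 1.99.0 is a placeholder standing in for an untagged release and is not the real compromised version. Only the package name plain-crypto-js and the v1.14.0 tag come from the article.

```javascript
// Added example (not code from the article or the Axios project): two offline checks
// a security team can run on inputs they capture themselves.
//   1. findUntaggedReleases: npm-published versions with no matching git tag
//      (the indicator the article gives for the malicious Axios releases).
//   2. scanLockfile: lockfile entries that are, or depend on, plain-crypto-js, and
//      axios entries that resolve to an untagged version.
// All sample inputs are constructed; "1.99.0" is a placeholder for an untagged
// release, not the real compromised version.

const MALICIOUS_PACKAGE = "plain-crypto-js"; // package name as given in the article

// npmVersions: the array printed by `npm view axios versions --json`.
// lsRemoteOutput: raw text of `git ls-remote --tags <repo-url>`,
// one "<sha>\trefs/tags/<tag>" line per tag.
function findUntaggedReleases(npmVersions, lsRemoteOutput) {
  const tagged = new Set();
  for (const line of lsRemoteOutput.split("\n")) {
    // Tags may carry a leading "v"; annotated tags also appear with a "^{}" suffix.
    const m = line.match(/\trefs\/tags\/v?(.+?)(\^\{\})?$/);
    if (m) tagged.add(m[1]);
  }
  return npmVersions.filter((v) => !tagged.has(v));
}

// Yields {name, version, deps, path} for every installed package in a package-lock.json,
// handling lockfileVersion 2/3 (flat "packages" map) and the v1 nested "dependencies" tree.
function* lockEntries(lock) {
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === "" || meta.link) continue; // skip the root project and workspace symlinks
      const name = meta.name || path.slice(path.lastIndexOf("node_modules/") + "node_modules/".length);
      const deps = { ...(meta.dependencies || {}), ...(meta.optionalDependencies || {}) };
      yield { name, version: meta.version, deps, path };
    }
    return;
  }
  function* walk(tree, prefix) {
    for (const [name, meta] of Object.entries(tree || {})) {
      const path = `${prefix}node_modules/${name}`;
      yield { name, version: meta.version, deps: { ...(meta.requires || {}) }, path };
      yield* walk(meta.dependencies, `${path}/`); // nested (non-hoisted) installs
    }
  }
  yield* walk(lock.dependencies, "");
}

// Returns one finding per suspicious lockfile entry. suspiciousAxiosVersions is normally
// the output of findUntaggedReleases.
function scanLockfile(lock, suspiciousAxiosVersions = new Set()) {
  const findings = [];
  for (const e of lockEntries(lock)) {
    if (e.name === MALICIOUS_PACKAGE) {
      findings.push({ kind: "malicious-package", path: e.path, version: e.version });
    }
    if (MALICIOUS_PACKAGE in e.deps) {
      findings.push({ kind: "depends-on-malicious", path: e.path, version: e.version, spec: e.deps[MALICIOUS_PACKAGE] });
    }
    if (e.name === "axios" && suspiciousAxiosVersions.has(e.version)) {
      findings.push({ kind: "untagged-axios-version", path: e.path, version: e.version });
    }
  }
  return findings;
}

// Constructed stand-in for `git ls-remote --tags`: only v1.13.0 and v1.14.0 exist as tags.
const SAMPLE_LS_REMOTE = [
  "1111111111111111111111111111111111111111\trefs/tags/v1.13.0",
  "2222222222222222222222222222222222222222\trefs/tags/v1.14.0",
  "3333333333333333333333333333333333333333\trefs/tags/v1.14.0^{}",
].join("\n");

// Constructed stand-in for `npm view axios versions --json`; 1.99.0 is the placeholder untagged release.
const SAMPLE_NPM_VERSIONS = ["1.13.0", "1.14.0", "1.99.0"];

// Constructed lockfileVersion 3 fragment for an app that resolved the placeholder release.
const SAMPLE_LOCK = {
  name: "example-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", dependencies: { axios: "^1.14.0" } },
    "node_modules/axios": {
      version: "1.99.0",
      dependencies: { "follow-redirects": "^1.15.6", "plain-crypto-js": "*" },
    },
    "node_modules/plain-crypto-js": { version: "0.0.0-constructed" },
    "node_modules/follow-redirects": { version: "1.15.6" },
  },
};

function auditSample() {
  const untagged = findUntaggedReleases(SAMPLE_NPM_VERSIONS, SAMPLE_LS_REMOTE);
  return { untagged, findings: scanLockfile(SAMPLE_LOCK, new Set(untagged)) };
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(JSON.stringify(auditSample(), null, 2));
}
```

In a real audit, feed the script the output of `npm view axios versions --json` and `git ls-remote --tags https://github.com/axios/axios.git` together with your own package-lock.json; yarn.lock and pnpm-lock.yaml need their own parsers. For a quick first pass, `npm ls plain-crypto-js` in each project directory shows whether the package is present in the resolved tree at all.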
This is still an active incident, so continued monitoring is needed to establish its full extent, including whether further versions or packages were published from the same account, and to catch any follow-on publishes before they spread.