
Breaking · Security · npm Supply Chain

Axios npm Package Hijacked: RAT Malware Hit 100M+ Weekly Downloads — Full Incident Timeline

March 31, 2026  ·  Resolved today  ·  8 min read  ·  Happycapy Guide

ACTION REQUIRED — Check your dependencies now

If you ran npm install between 00:21 UTC and 03:15 UTC on March 31, 2026 and your project uses Axios, check for axios@1.14.1 or axios@0.30.4 in your lock file. If found: downgrade immediately and rotate all secrets.

TL;DR

Attackers hijacked the npm account of Axios maintainer jasonsaayman and published axios@1.14.1 and axios@0.30.4 — both containing a phantom dependency (plain-crypto-js@4.2.1) that drops a cross-platform Remote Access Trojan on install. The packages were live on npm for ~3 hours before the npm security team removed them. This is the second major npm security incident today, following the Claude Code source map leak earlier this morning. Safe versions: axios@1.14.0 and axios@0.30.3.

Key figures:
- 100M+: weekly npm downloads exposed
- ~3 hrs: window during which the malicious versions were live
- 2: malicious versions published
- 3: platforms targeted (macOS, Windows, Linux)

Affected vs. Safe Versions

| Version | Status | Published | Action |
|---|---|---|---|
| axios@1.14.1 | MALICIOUS — removed | Mar 31, 00:21 UTC | Downgrade immediately; rotate all secrets |
| axios@0.30.4 | MALICIOUS — removed | Mar 31, 01:00 UTC | Downgrade immediately; rotate all secrets |
| axios@1.14.0 | SAFE | Prior to attack | Use this version |
| axios@0.30.3 and below | SAFE | Prior to attack | Use this version |

Full Attack Timeline

March 30–31, 2026 (all times UTC)

Mar 30 · 05:57 · Attackers publish clean decoy plain-crypto-js@4.2.0 to build legitimacy
Mar 30 · 23:59 · Malicious plain-crypto-js@4.2.1 published — contains RAT dropper
Mar 31 · 00:21 · axios@1.14.1 published via hijacked account (jasonsaayman)
Mar 31 · 01:00 · axios@0.30.4 published — targets legacy users on v0.x
Mar 31 · ~03:15 · npm security team removes both malicious Axios versions
Mar 31 · 03:25 · npm places security hold on plain-crypto-js
Mar 31 · 04:26 · Clean security stub replaces malicious plain-crypto-js@4.2.1

How the Attack Worked

This was a phantom dependency injection attack. The attackers did not modify Axios's source code directly — they injected a new dependency (plain-crypto-js) that ran a setup.js post-install script automatically when npm installed the package.

The setup.js script contacted a command-and-control (C2) server at sfrclak.com:8000 and downloaded platform-specific payloads:

| Platform | Method | Artifact to check |
|---|---|---|
| macOS | AppleScript downloads binary, disguised as a system process | /Library/Caches/com.apple.act.mond |
| Windows | VBScript + PowerShell downloads RAT, persists as a system binary | %PROGRAMDATA%\wt.exe |
| Linux | Python script executed via nohup in the background | /tmp/ld.py |

After execution, the malware deleted its own package.json and replaced it with a clean decoy — a deliberate anti-forensic measure to avoid detection during post-install inspection. Security researchers assess this as APT-level espionage activity rather than financially motivated crime, based on the sophistication and focus on credential harvesting.

The account takeover was complete: attackers changed the registered email on jasonsaayman's npm account to ifstap@proton.me before publishing, locking out the legitimate maintainer from taking immediate action.


Immediate Remediation Steps

If you ran npm install today — do this now

1. Audit your lock file: grep your package-lock.json or yarn.lock for axios@1.14.1 or axios@0.30.4
2. Downgrade: npm install axios@1.14.0 or pin to a known-safe version
3. Rotate all secrets from any system that ran the install — API keys, tokens, SSH keys, CI/CD credentials, database passwords
4. Scan for artifacts: /Library/Caches/com.apple.act.mond (macOS) · %PROGRAMDATA%\wt.exe (Windows) · /tmp/ld.py (Linux)
5. Block C2 traffic: Firewall egress to sfrclak.com and IP 142.11.206.73
6. Rebuild if compromised: If RAT artifacts are present, rebuild the system from a known-good image — do not attempt partial cleanup

Context: March 31, 2026 — A Bad Day for npm Security

This is the second significant npm security incident to occur on March 31, 2026. Earlier this morning, Anthropic's Claude Code CLI was found to have accidentally published a source map file with its npm package, exposing 512,000 lines of proprietary TypeScript source code. That incident was a packaging mistake — this Axios attack is deliberate criminal or state-sponsored activity.

Both incidents highlight the structural risk of the npm ecosystem: the world's largest software registry has minimal verification controls on who can publish to existing packages, and the post-install script mechanism gives attackers an automatic code execution vector the moment a developer runs npm install.

Notable Prior npm Supply Chain Attacks

| Package | Year | Downloads/week | Attack type |
|---|---|---|---|
| axios | 2026 | 100M+ | Account hijack → phantom dependency → RAT |
| xz-utils | 2024 | N/A (Linux core) | 2-year social engineering → backdoor in SSH |
| ua-parser-js | 2021 | 7M+ | Account hijack → crypto miner + credential stealer |
| node-ipc | 2022 | 1M+ | Maintainer sabotage → file wiper (anti-Russia protest) |
| event-stream | 2018 | 2M+ | Malicious maintainer → Bitcoin wallet theft |

Frequently Asked Questions

Which versions of Axios are affected?

axios@1.14.1 and axios@0.30.4, both published via a hijacked account on March 31, 2026. Both have been removed from npm. Safe versions are axios@1.14.0 and axios@0.30.3 and below.

What does the malware do?

The injected plain-crypto-js@4.2.1 dependency runs a post-install script that contacts a C2 server and deploys a Remote Access Trojan on macOS, Windows, and Linux. The RAT enables persistent remote access, credential harvesting, and likely espionage-grade intelligence collection.

Is Axios itself compromised?

The Axios source code itself was not modified. The malware was introduced as a phantom dependency added to the published npm package — not in the GitHub repository. Developers cloning the repo directly were not affected. Only those who ran npm install and received the malicious package version were at risk.

How can I use AI to detect supply chain risks?

Claude and GPT can analyze your package.json and package-lock.json for suspicious dependencies, unusual version bumps, and phantom dependencies. Happycapy gives you both models in one platform — paste your lock file and ask for a security review.

Sources:
Axios GitHub repository · Socket.dev (supply chain security) · npm (axios package) · Also see: Claude Code npm source map leak, same day (March 31, 2026)