Two malicious axios releases (1.14.1 and 0.30.4) were published to npm today via what appears to be a compromised maintainer account: the publisher email was changed to a ProtonMail address, GitHub tags are missing, and SLSA provenance attestations present in 1.14.0 are absent. These indicators suggest a classic account takeover and a dependency-injection style supply-chain compromise that could deliver malicious code to projects using axios. The lack of source tags and provenance hinders verification and increases risk for developers and organizations that depend on axios for HTTP requests. Users should treat these versions as untrusted, roll back to known-good releases, audit dependency trees, and update after maintainers restore control and issue verifiable fixes.
Version 1.14.1 of the popular HTTP client axios, released on 2026-03-31, unexpectedly added a new dependency, plain-crypto-js@4.2.1, which is malicious. Unlike the prior axios@1.14.0 (which relied only on follow-redirects, form-data, and proxy-from-env), axios@1.14.1 includes plain-crypto-js, which defines a postinstall hook that runs node setup.js. The setup.js file is heavily obfuscated: it decodes base64 payloads, writes auxiliary scripts to the OS temp directory, executes them via the shell on macOS or PowerShell on Windows, and then deletes its traces. This constitutes an active supply-chain attack that can execute remote code during package installation, posing a serious risk to developers, CI systems, and production environments that pull this axios release.
Axios releases on npm were hijacked after a lead maintainer's npm credentials were compromised, and two malicious versions were published that did not alter axios code but added a fake dependency plain-crypto-js@4.2.1 whose postinstall script deployed a cross-platform remote access trojan (RAT). The malicious packages bypassed the project's CI/CD pipeline because they were published directly with the compromised npm access token, raising questions about npm token 2FA bypasses and the safety of package manager workflows. The incident underscores persistent supply-chain risks in JavaScript ecosystems and fuels calls for stricter CI gating, token policies, and reduced reliance on widely used transitive dependencies like axios.
StepSecurity reported that on March 31, 2026 two malicious axios releases published to npm—axios@1.14.1 and axios@0.30.4—were pushed using a compromised lead maintainer account. The attacker injected a fake dependency, plain-crypto-js@4.2.1, whose postinstall script acted as a cross-platform remote access trojan (RAT) dropper for macOS, Windows, and Linux, fetched second-stage payloads from a C2 server, then self-destructed and replaced its package.json to evade detection. The maintainer account email was swapped to a ProtonMail address and the packages were published manually, bypassing usual CI/CD protections. Users are advised to downgrade or pin to axios@1.14.0 or axios@0.30.3, rotate secrets, and investigate network indicators of compromise while StepSecurity continues its technical analysis.
StepSecurity disclosed that on March 31, 2026 two malicious axios npm releases — axios@1.14.1 and axios@0.30.4 — were published using a compromised maintainer account. The attacker injected a fake dependency, plain-crypto-js@4.2.1, whose postinstall script acted as a cross-platform remote access trojan (RAT) dropper delivering platform-specific second-stage payloads and then self-destructing and cleaning its package.json to evade detection. The attacker pre-staged a benign-looking plain-crypto-js@4.2.0 to avoid zero-history alarms, changed the maintainer email to a ProtonMail address, and published packages via npm CLI bypassing CI/CD controls. StepSecurity urges users to pin to axios@1.14.0 or 0.30.3, assume compromise if they installed the tainted versions, rotate credentials, and inspect network logs for IOCs while an investigation continues.
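The reports above give a defender three things to check in a lockfile: the tainted versions themselves, a dependency that the clean axios@1.14.0 never declared, and a package that runs an install-time script. The script below is an added example, not code from StepSecurity or the axios project; it audits an npm lockfile (lockfileVersion 2 or 3) for those indicators, and the lockfile fragment it runs on is constructed, with placeholder version ranges for the legitimate dependencies.

```javascript
// Added example: audit an npm lockfile for the indicators reported above.
const KNOWN_BAD = new Set(["axios@1.14.1", "axios@0.30.4", "plain-crypto-js@4.2.1"]);
// Dependencies reported for the clean axios@1.14.0; anything else under axios is suspicious.
const EXPECTED_DEPS = { axios: new Set(["follow-redirects", "form-data", "proxy-from-env"]) };

// Lockfile keys are install paths: "node_modules/a/node_modules/b" -> "b".
function packageName(lockPath) {
  const marker = "node_modules/";
  const i = lockPath.lastIndexOf(marker);
  return i === -1 ? lockPath : lockPath.slice(i + marker.length);
}

function auditLockfile(lock) {
  const findings = [];
  for (const [lockPath, entry] of Object.entries(lock.packages || {})) {
    if (lockPath === "") continue; // the root project itself
    const name = packageName(lockPath);
    const id = `${name}@${entry.version}`;
    if (KNOWN_BAD.has(id)) findings.push({ id, reason: "known malicious release" });
    // npm records hasInstallScript when a package declares (pre|post)install scripts.
    if (entry.hasInstallScript) findings.push({ id, reason: "runs an install lifecycle script" });
    const expected = EXPECTED_DEPS[name];
    if (!expected) continue;
    for (const dep of Object.keys(entry.dependencies || {})) {
      if (!expected.has(dep)) findings.push({ id, reason: `unexpected dependency ${dep}` });
    }
  }
  return findings;
}

// Constructed lockfile fragment modelled on the reported axios@1.14.1 tree;
// the version ranges of the legitimate dependencies are placeholders.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0", dependencies: { axios: "^1.14.1" } },
    "node_modules/axios": {
      version: "1.14.1",
      dependencies: {
        "follow-redirects": "^1.0.0", "form-data": "^4.0.0",
        "proxy-from-env": "^1.0.0", "plain-crypto-js": "^4.2.1",
      },
    },
    "node_modules/plain-crypto-js": { version: "4.2.1", hasInstallScript: true },
    "node_modules/follow-redirects": { version: "1.0.0" },
  },
};

for (const f of auditLockfile(SAMPLE_LOCK)) console.log(`${f.id}: ${f.reason}`);
```

Run it against a real package-lock.json with `auditLockfile(JSON.parse(fs.readFileSync("package-lock.json", "utf8")))`; a tree pinned to axios@1.14.0 or 0.30.3 with only the three expected dependencies produces no findings.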