{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreigbr4sv4jabgznaa5eucetswduwmuew4xvpsuyrsltfnixutujtni",
"uri": "at://did:plc:haakkg7y3xdghcdmprxeexso/app.bsky.feed.post/3miiosd5lokc2"
},
"path": "/t/axios-supply-chain-attack/36761#post_1",
"publishedAt": "2026-04-02T06:26:33.000Z",
"site": "https://discuss.privacyguides.net",
"tags": [
"Malwarebytes – 31 Mar 26",
"Axios supply chain attack chops away at npm trust"
],
"textContent": "Malwarebytes – 31 Mar 26\n\n### Axios supply chain attack chops away at npm trust\n\nDevelopers using the axios package from npm may have downloaded a malicious version that drops a Remote Access Trojan\n\nEst. reading time: 3 minutes\n\n> Using compromised credentials of a lead maintainer of Axios, an attacker published poisoned packages to npm: `axios@1.14.1` and `axios@0.30.4`. The malicious versions inject a new dependency, `plain-crypto-js@4.2.1`, which is never imported anywhere in the axios source code.\n>\n> Together the two affected packages reach up to 100 million weekly downloads on npm, which means it has a huge impact radius across web apps, services, and pipelines.\n>\n> It is important to note that the affected Axios version does not appear in the project’s official GitHub tags. This means that the people and projects affected are developers and environments which ran npm install that resolved to:\n>\n> * `axios@1.14.1` or `axios@0.30.4`, or\n>\n> * the dependency `plain-crypto-js@4.2.1`.\n>\n> Any workflow that installed one of those versions with scripts enabled may have exposed all injected secrets (cloud keys, repo deploy keys, npm tokens, etc.) to an interactive attacker, because the postinstall script (node setup.js) that runs automatically on npm install downloaded an obfuscated dropper that retrieves a platform‑specific RAT payload for macOS, Windows, or Linux.\n\nAs someone who uses npm every day, this is extremely concerning news and I’m surprised it hasn’t reached many yet (at least no one in my inner dev circle knew about this until I told them).\n\nHave any of you been impacted or compromised by the attack?",
"title": "Axios Supply Chain Attack"
}