Axios supply chain attack: how to harden your JavaScript pipelines now
Search intent: understand the npm supply chain compromise affecting axios 1.14.1 and 0.30.4 and deploy an actionable playbook to secure JavaScript pipelines, CI/CD secrets, and developer workstations.
What happened
- Maintainer account takeover: attackers hijacked the main npm maintainer account (
jasonsaayman), changed the associated email, and manually uploaded two poisoned releases (1.14.1and0.30.4). - Phantom dependency
plain-crypto-js@4.2.1: added solely to run apostinstallscript that drops a RAT with Windows, Linux, and macOS payloads. - Precision staging: StepSecurity reports the malicious dependency was prepared 18 hours earlier, both branches were hit within 39 minutes, and OS-specific binaries were ready ahead of time.
- Attribution: Google TAG linked the operation to North Korea–aligned UNC1069, a group known for supply chain intrusions to steal cryptocurrency.
Why CIOs and CTOs should care
- 100M weekly downloads: axios sits inside front ends, BFFs, microservices, and automation scripts; a single automated install can compromise a build host.
- Execution before install completes: the dropper calls home to
sfrclak.com:8000in under two seconds, often before endpoint defenses finish scanning. - Forensics-resistant: the rogue package deletes itself and rewrites its
package.json, leaving little to inspect afterward. - CI/CD blast radius: StepSecurity Harden-Runner caught the anomaly in Backstage, showing how GitHub Actions workflows can run the payload if egress isn’t pinned down.
Immediate plan (0–72 hours)
- Inventory & block: search for
axios@1.14.1andaxios@0.30.4across lockfiles (npm, pnpm, yarn) and freeze automated reinstalls from internal caches. - Rotate every secret: treat npm tokens, CI/CD keys, cloud credentials, and machine identities used during install as compromised.
- Network review: hunt for egress to
sfrclak.com,plain-crypto-js, or TCP 8000 from developer endpoints and runners. - Rebuild cleanly: reprovision affected systems from trusted images instead of attempting manual cleaning.
30-day hardening track
- Sign and verify internal npm artifacts: enable Sigstore/SLSA attestations for critical packages and reject unsigned dependencies.
- Separate release identities: publish via dedicated robot accounts protected by FIDO2 keys; disable direct npm CLI uploads from personal accounts.
- Lock down CI/CD networking: enforce outbound allowlists for runners, log DNS, and block any unseen destination by default.
- Chaos-test supply chain resilience: simulate a rogue dependency injection to measure detection coverage and MTTR.
Governance cues & KPIs
- Signed dependency ratio (target >80% for crown-jewel modules).
- Supply chain response time: minutes from alert to pipeline block.
- Dependency review coverage: % of repos scanned weekly via OSS Review Toolkit or Renovate.
- Automated CI/CD secret rotation cadence.
Conclusion
The axios incident shows attackers now target libraries every developer trusts. Only teams that industrialize supply chain telemetry (attestations, network segmentation, secret rotation) will keep releasing fast without becoming someone else’s intrusion vector.
FAQ
Am I safe if a SaaS vendor bundles axios for me?
Only if they rebuilt after the compromise window. Ask for proof of a clean rebuild.
Does serving axios from a private cache protect me?
Not if the cache already mirrored the poisoned versions. Purge it and force npm cache clean --force.
Should we block axios entirely?
No, but pin a verified version (1.14.0 or 1.13.x) until the project ships a cleansed release.
How can I tell if a runner was compromised?
Monitor outbound connections to unknown domains, inspect PowerShell/Bash invoked during postinstall, and compare artifact checksums.
Sources
- The Register – “Supply chain blast: Top npm package backdoored to drop dirty RAT on dev machines” (31 Mar 2026)
- StepSecurity – “axios Compromised on npm – Malicious Versions Drop Remote Access Trojan” (31 Mar 2026)
