Axios NPM Supply Chain Attack: 300M Weekly Downloads Compromised with RAT via Hijacked Maintainer Account

On March 31, 2026, StepSecurity identified a critical supply chain attack targeting axios, the most popular HTTP client library in the JavaScript ecosystem with over 300 million weekly npm downloads. The attack represents one of the largest npm supply chain compromises to date.
Attack Mechanics:
The attacker compromised the npm account of jasonsaayman, the primary axios maintainer, changing the account email to an anonymous ProtonMail address (ifstap@proton.me). Two malicious versions were published:
- axios@1.14.1 (published 2026-03-31 00:21 UTC), targeting the modern 1.x user base
- axios@0.30.4 (published 2026-03-31 01:00 UTC), targeting legacy 0.x users
Neither version contains malicious code in axios itself. Instead, both inject a fake dependency called plain-crypto-js@4.2.1, a package that is never imported anywhere in the axios source. Its sole purpose is to execute a postinstall script that acts as a cross-platform Remote Access Trojan (RAT) dropper.
Sophisticated Evasion:
The attack was pre-staged over 18 hours:
- First, plain-crypto-js@4.2.0 was published as a clean decoy (a full copy of the legitimate crypto-js) to establish npm publishing history
- Then, plain-crypto-js@4.2.1 was published with the malicious payload
- Finally, the compromised axios versions were released
After execution, the malware contacts a live C2 server, delivers platform-specific second-stage payloads for macOS/Windows/Linux, then deletes itself and replaces its own package.json with a clean version, leaving no trace in node_modules for post-infection inspection.
Blast Radius for AI Agent Infrastructure:
Axios is ubiquitous in the Node.js ecosystem that powers most AI agent infrastructure:
- OpenClaw and many agent frameworks use Node.js
- AI agent API integrations commonly use axios for HTTP requests
- CI/CD pipelines and build systems are affected
- Any npm install or npm update during the window would pull compromised versions
Remediation:
Pin to safe versions: axios@1.14.0 (1.x) or axios@0.30.3 (0.x). Rotate all secrets and credentials on affected machines. Check network logs for C2 indicators.
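A lockfile check that follows from the remediation above, written here as an added example rather than code from the article or from StepSecurity. It assumes a lockfileVersion 2 or 3 package-lock.json (the "packages" map keyed by node_modules path, which also lists nested copies) and flags the two compromised axios versions, any appearance of plain-crypto-js, and any package that declares an install script; the sample lockfile is constructed for the demonstration.

```javascript
// Added example (not from the article): audit a parsed package-lock.json for the
// compromised versions named above, for any occurrence of plain-crypto-js (axios
// never legitimately depends on it), and for packages that declare install scripts.
const BAD_VERSIONS = {
  axios: new Set(['1.14.1', '0.30.4']),
  'plain-crypto-js': new Set(['4.2.1']),
};

// Flatten a lockfileVersion 2/3 "packages" map (keyed by node_modules path,
// so nested copies under other packages are included) into plain entries.
function listInstalled(lockfile) {
  const found = [];
  for (const [path, meta] of Object.entries(lockfile.packages || {})) {
    if (path === '') continue; // root project entry, not a dependency
    const name = path.slice(path.lastIndexOf('node_modules/') + 'node_modules/'.length);
    found.push({ name, version: meta.version, hasInstallScript: Boolean(meta.hasInstallScript) });
  }
  return found;
}

// Returns one finding per suspicious package with every reason it was flagged.
function auditLockfile(lockfile) {
  const findings = [];
  for (const pkg of listInstalled(lockfile)) {
    const reasons = [];
    if (BAD_VERSIONS[pkg.name] && BAD_VERSIONS[pkg.name].has(pkg.version)) {
      reasons.push('known compromised version');
    } else if (pkg.name === 'plain-crypto-js') {
      reasons.push('unexpected package: never a real axios dependency');
    }
    if (pkg.hasInstallScript) reasons.push('declares an install script; review before trusting');
    if (reasons.length) findings.push({ name: pkg.name, version: pkg.version, reasons });
  }
  return findings;
}

// Constructed sample lockfile (v3 layout) for a project that pulled axios@1.14.1.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo', dependencies: { axios: '^1.14.0' } },
    'node_modules/axios': { version: '1.14.1', dependencies: { 'plain-crypto-js': '4.2.1' } },
    'node_modules/plain-crypto-js': { version: '4.2.1', hasInstallScript: true },
    'node_modules/follow-redirects': { version: '1.15.6' },
  },
};

console.log(JSON.stringify(auditLockfile(SAMPLE_LOCK), null, 2));
```

To run it against a real project, replace SAMPLE_LOCK with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))`; a clean lockfile yields an empty array.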
The incident is trending as the #1 story on Hacker News with 99 points and rapidly growing discussion.