Axios compromised on NPM – Malicious versions drop remote access trojan

StepSecurity identified malicious versions of axios (1.14.1 and 0.30.4) published via a compromised maintainer account, delivering a cross-platform RAT.
On March 30, 2026, StepSecurity identified two malicious versions of the widely used axios HTTP client library published to npm: axios@1.14.1 and axios@0.30.4. Both versions were published using the compromised npm credentials of a lead axios maintainer, bypassing the project's normal GitHub Actions CI/CD pipeline. The attacker changed the maintainer's account email to an anonymous ProtonMail address and manually published the poisoned packages via the npm CLI.
These compromises were detected by StepSecurity AI Package Analyst and StepSecurity Harden-Runner. We have responsibly disclosed the issue to the project maintainers.
Neither malicious version contains any malicious code inside axios itself. Both instead add a new runtime dependency, plain-crypto-js@4.2.1, a package that is never imported anywhere in the axios source. Its sole purpose is to run a postinstall script that acts as a cross-platform remote access trojan (RAT) dropper for macOS, Windows, and Linux. The dropper contacts a live command-and-control server, retrieves a platform-specific second-stage payload, then deletes itself and replaces its own package.json with a clean decoy, so a developer who inspects node_modules after the fact sees no sign that anything went wrong.
This was not opportunistic. The malicious dependency was staged 18 hours in advance. Three separate payloads were pre-built for three operating systems. Both release branches were hit within 39 minutes. Every trace was designed to self-destruct. This is among the most operationally sophisticated supply chain attacks ever documented against a top-10 npm package.
If you have installed axios@1.14.1 or axios@0.30.4, assume your system is compromised.
Attack Timeline
The attack was pre-staged across roughly 18 hours, with the malicious dependency seeded on npm before the axios releases to avoid “brand-new package” alarms from security scanners.
Background: What Is axios?
axios is the most popular HTTP client library in the JavaScript ecosystem, used across Node.js and browser applications that make HTTP requests, from React front-ends to CI/CD tooling to server-side APIs. With over 300 million weekly downloads, a compromise of even a single minor release has an enormous potential blast radius.
How the Attack Works
Step 1 — Maintainer Account Hijack
The attacker took over the jasonsaayman npm account and changed its registered email to an anonymous ProtonMail address. Using this access, the attacker published malicious builds to both the 1.x and 0.x release branches within 39 minutes of each other.
Step 2 — Staging the Malicious Dependency
Roughly 18 hours before publishing the backdoored axios releases, the attacker pre-staged a malicious package on npm: plain-crypto-js@4.2.1. The package is deliberately designed to look legitimate, masquerading as the original crypto-js library.
Step 3 — Injecting the Dependency into axios
The attacker published axios@1.14.1 and axios@0.30.4 with plain-crypto-js: "^4.2.1" added as a runtime dependency. When a developer runs npm install, npm resolves the dependency tree, fetches the malicious package automatically and runs its postinstall hook, so the dropper executes before any application code ever loads axios. Any project whose declared range admitted the new version (for example ^1.14.0 or ^0.30.0) and that installed without a lockfile, or refreshed its lockfile in that window, picked it up.
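The tell in Step 3 is that the injected dependency is never imported by the code that declares it. That is a mechanical check, and the following is an added example of it (this is not code from StepSecurity or from the axios project): read the declared runtime dependencies from a package.json, collect every module specifier the source tree pulls in, and report the dependencies nothing references. The manifest and source files below are constructed; only the plain-crypto-js: "^4.2.1" line comes from the write-up, and the other dependency names and versions are a stand-in rather than the real axios manifest.

```javascript
'use strict';

// Every module specifier a JS/TS file can pull in:
//   require('x'), import x from 'x', import 'x', import('x'), export ... from 'x'
// This is a heuristic over source text, so a specifier inside a comment or
// string literal counts as a reference; that errs toward fewer false alarms.
const SPECIFIER_RE = /(?:\brequire\s*\(|\bimport\s*\(|\bfrom\s+|\bimport\s+)\s*['"]([^'"]+)['"]/g;

function moduleSpecifiers(source) {
  const specs = new Set();
  for (const m of source.matchAll(SPECIFIER_RE)) specs.add(m[1]);
  return specs;
}

// Reduce a specifier to the npm package it resolves to:
// 'form-data/lib/form_data' -> 'form-data', '@scope/pkg/sub' -> '@scope/pkg'.
// Relative paths, absolute paths and node: builtins are not packages.
function packageNameOf(spec) {
  if (spec.startsWith('.') || spec.startsWith('/') || spec.startsWith('node:')) return null;
  const parts = spec.split('/');
  return spec.startsWith('@') ? parts.slice(0, 2).join('/') : parts[0];
}

// Declared runtime dependencies that no source file imports. A dependency
// that appears here is either dead weight or, as with plain-crypto-js,
// exists only for the side effects of its install script.
function unreferencedDependencies(pkg, sources) {
  const used = new Set();
  for (const text of Object.values(sources)) {
    for (const spec of moduleSpecifiers(text)) {
      const name = packageNameOf(spec);
      if (name !== null) used.add(name);
    }
  }
  return Object.keys(pkg.dependencies || {}).filter((dep) => !used.has(dep));
}

// Constructed manifest and source tree for illustration. Only the
// 'plain-crypto-js': '^4.2.1' line comes from the write-up; the other
// dependency names and versions are a stand-in, not the real axios manifest.
const POISONED_MANIFEST = {
  name: 'axios',
  version: '1.14.1',
  dependencies: {
    'follow-redirects': '^1.15.6',
    'form-data': '^4.0.0',
    'proxy-from-env': '^1.1.0',
    'plain-crypto-js': '^4.2.1',
  },
};
const SOURCES = {
  'lib/adapters/http.js':
    "import followRedirects from 'follow-redirects';\n" +
    "import FormData from 'form-data';\n" +
    "import proxyFromEnv from 'proxy-from-env';\n" +
    "import utils from '../utils.js';\n",
  'lib/helpers/parse.js':
    "const util = require('node:util');\n" +
    "const { toJSON } = require('./json');\n",
};

// Usage on a real tree: load package.json with JSON.parse(fs.readFileSync(...))
// and build `sources` by reading each file under lib/ or src/.
console.log('declared but never imported:', unreferencedDependencies(POISONED_MANIFEST, SOURCES));

module.exports = { moduleSpecifiers, packageNameOf, unreferencedDependencies, POISONED_MANIFEST, SOURCES };
```

Two operational points follow from the mechanism. First, the dropper only gets to run because npm executes install scripts by default; installing with npm ci --ignore-scripts (or ignore-scripts=true in .npmrc) and then running npm rebuild only for the few packages that genuinely need native build steps would have blocked this particular payload. Second, that setting is a mitigation for install-time code only: a payload wired into the library's runtime code rather than a postinstall hook would still execute when the application loads it, which is why the unused-dependency and lockfile checks are worth running independently.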
Source: Hacker News