Supply Chain Attack Targets Axios npm Package with Malicious Dependency
Take action: If you use Axios in your projects, immediately check your dependency trees and lockfiles for axios@1.14.1, axios@0.30.4, or plain-crypto-js@4.2.1. If any of them is found, roll back to a known safe version. Rebuild any release deployed between March 30th and 31st. If anything was built on March 30th or 31st, audit those systems in depth and rotate all secrets and credentials on every host where these versions were present, because the malware was designed to execute commands and steal data from compromised hosts.
Learn More
Axios, a widely used HTTP client with approximately 83 million weekly downloads, fell victim to a supply chain attack on March 30, 2026.
Attackers gained unauthorized access to the project's npm publishing credentials to release compromised versions of the library. These malicious releases, which appeared outside the project's standard GitHub workflow, automatically pull in a trojanized dependency designed to compromise host systems.
The attackers published the malicious versions axios@1.14.1 and axios@0.30.4, each of which declares a malicious dependency, plain-crypto-js@4.2.1: an obfuscated dropper and loader that executes arbitrary shell commands on the host system. The package loads the Node.js built-ins it needs (fs, os, and execSync from child_process) dynamically at runtime, so that static analysis does not see the calls and the code's intent stays hidden. Once active, it stages malicious payloads in system temporary folders and, on Windows, in the ProgramData directory, then deletes its own artifacts to hinder forensic discovery.
These versions were published without corresponding tags in the official Axios GitHub repository. The malware communicates with a command-and-control server at sfrclak.com:8000. Beyond the primary Axios package, the campaign includes related packages such as @shadanai/openclaw and @qqbrowser/openclaw-qbot, which either vendor the malicious code or inject it directly into their dependency trees.
Maintainers faced challenges regaining control of the npm registry account, as the attacker's permissions reportedly exceeded those of the legitimate collaborators. This delayed the removal of the malicious versions from the public registry. The malicious dependency plain-crypto-js@4.2.1 was published only minutes before the compromised Axios versions, which points to a coordinated, pre-planned operation.
As of 8 AM CET on 31 March 2026, the malicious versions of axios had been removed from npm. Removal from the registry does not clean copies that were already installed: organizations must still audit their dependency trees and lockfiles for the affected versions and roll them back, and review every release built or deployed on 30 or 31 March for axios@1.14.1, axios@0.30.4, or plain-crypto-js@4.2.1, including builds where a version range resolved to one of these versions at install time. Any such release should be rebuilt immediately and the system audited, including rotating all secrets.