Rosa Del Mar

Daily Brief

Issue 90 2026-03-31

npm Supply-Chain Compromise Via Malicious Dependency Injection

General
Sources: 1 • Confidence: High • Updated: 2026-04-13 03:56

Key takeaways

  • Axios, an HTTP client npm package with roughly 101 million weekly downloads, was targeted in a supply chain attack.
  • Axios versions 1.14.1 and 0.30.4 introduced a new dependency named plain-crypto-js.
  • The plain-crypto-js package was a freshly published package carrying malware that stole credentials and installed a remote access trojan (RAT).
  • The malicious Axios releases were published to npm without an accompanying GitHub release.
  • npm trusted publishing would bind Axios publish rights to a specific GitHub Actions workflow (authenticated with a short-lived OIDC token instead of a stored secret), so that only that workflow can publish releases to npm; it closes the hole only if the package's token-based publishing path is disabled or the existing tokens are revoked as well.

Sections

npm Supply-Chain Compromise Via Malicious Dependency Injection

  • Axios versions 1.14.1 and 0.30.4 introduced a new dependency named plain-crypto-js.
  • The plain-crypto-js package was a freshly published package carrying malware that stole credentials and installed a remote access trojan (RAT).
  • Axios, an HTTP client npm package with roughly 101 million weekly downloads, was targeted in a supply chain attack.
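As an added illustration of the check that would have surfaced this change at install time (example code written for this brief, not Axios project code or any tool named in the source): diff two package-lock.json snapshots, list the packages that are new in the later one, and rank them by how recently the registry first saw them (the packument's `time.created` field). The lockfiles and registry timestamps below are constructed sample data; only the package names and the 1.14.0 to 1.14.1 bump echo the brief, and the 30-day "young package" threshold is an arbitrary assumption.

```javascript
// Added example, not code from the brief or from Axios: flag packages that appear in a
// new package-lock.json but not in the previous one, and mark those the registry first
// saw recently. Assumes lockfileVersion 3 layout ("packages" keyed by "node_modules/<name>")
// and the registry's "time.created" timestamp. All data below is constructed sample input.

const BEFORE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/axios": { version: "1.14.0" },
    "node_modules/follow-redirects": { version: "1.15.6" },
  },
};

const AFTER_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/axios": { version: "1.14.1" },
    "node_modules/follow-redirects": { version: "1.15.6" },
    "node_modules/plain-crypto-js": { version: "1.0.0" },
  },
};

// Constructed stand-in for the "time" object of GET https://registry.npmjs.org/<name>.
// The dates are made up for the example.
const REGISTRY_TIME = {
  axios: { created: "2014-08-29T12:00:00.000Z" },
  "follow-redirects": { created: "2015-01-01T00:00:00.000Z" },
  "plain-crypto-js": { created: "2026-03-30T18:00:00.000Z" },
};

// "node_modules/@scope/name" or "node_modules/a/node_modules/b" -> the innermost package name.
// Nested copies of the same name collapse to one entry, which is fine for a "is this name new" check.
function packageName(lockKey) {
  const parts = lockKey.split("node_modules/");
  return parts[parts.length - 1];
}

// Map of package name -> version for every non-root entry in a lockfile.
function lockPackages(lock) {
  const out = new Map();
  for (const [key, meta] of Object.entries(lock.packages)) {
    if (key === "") continue; // root project entry
    out.set(packageName(key), meta.version);
  }
  return out;
}

// Packages present in `afterLock` that have no entry of any version in `beforeLock`.
function newPackages(beforeLock, afterLock) {
  const before = lockPackages(beforeLock);
  return [...lockPackages(afterLock)]
    .filter(([name]) => !before.has(name))
    .map(([name, version]) => ({ name, version }));
}

function ageDays(createdIso, nowMs) {
  return (nowMs - Date.parse(createdIso)) / 86400000;
}

// A new package is flagged when the registry first saw it less than `maxAgeDays` ago,
// or when no registry record is available at all (unknown provenance is not a pass).
function flagNewDependencies(beforeLock, afterLock, registryTime, nowMs, maxAgeDays = 30) {
  return newPackages(beforeLock, afterLock).map(({ name, version }) => {
    const created = registryTime[name]?.created;
    const age = created ? ageDays(created, nowMs) : null;
    return { name, version, ageDays: age, suspicious: age === null || age < maxAgeDays };
  });
}

const REPORT = flagNewDependencies(
  BEFORE_LOCK, AFTER_LOCK, REGISTRY_TIME, Date.parse("2026-03-31T12:00:00Z"));
console.log(JSON.stringify(REPORT, null, 2));
```

Wired into CI as a pre-merge check on lockfile changes, this turns "a brand-new transitive dependency arrived with a patch release" into a review comment rather than something discovered after install scripts have already run.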

Release-Artifact Mismatch As A Detection Heuristic

  • The malicious Axios releases were published to npm without an accompanying GitHub release.
  • A similar pattern of npm publication without a matching GitHub release was observed in the LiteLLM incident the prior week.

Publishing-Identity Controls To Reduce Token-Based Compromise Risk

  • npm trusted publishing would bind Axios publish rights to a specific GitHub Actions workflow (authenticated with a short-lived OIDC token instead of a stored secret), so that only that workflow can publish releases to npm; it closes the hole only if the package's token-based publishing path is disabled or the existing tokens are revoked as well.
  • The unauthorized npm publishing of the malicious Axios versions likely originated from a leaked long-lived npm publish token; this is inferred from the publication pattern, not confirmed.
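The two registry-versus-source signals discussed above, a version that exists on npm but has no matching GitHub release, and a version that drops the provenance attestation that trusted publishing or `npm publish --provenance` would normally attach, can both be checked from a package's registry packument. The block below is an added example written for this brief, not Axios or npm project code; the packument, release-tag list, timestamps and attestation URL are constructed sample data that borrow only the axios name and the 1.14.0/1.14.1 versions from the brief, and the `v<version>` tag convention is an assumption.

```javascript
// Added example, not code from the brief or from Axios: two heuristics over an npm packument.
//   1. A published version with no matching GitHub release tag.
//   2. A version without a provenance attestation where the previous version had one.
// Assumes the registry.npmjs.org packument layout ("versions", "time", "dist.attestations")
// and release tags of the form "v<version>". The data below is constructed sample input;
// timestamps, tarball and attestation URLs are illustrative only.

const PACKUMENT = {
  name: "axios",
  "dist-tags": { latest: "1.14.1" },
  time: {
    created: "2014-08-29T12:00:00.000Z",
    modified: "2026-03-31T00:00:00.000Z",
    "1.14.0": "2026-03-01T10:00:00.000Z",
    "1.14.1": "2026-03-30T23:00:00.000Z",
  },
  versions: {
    "1.14.0": {
      version: "1.14.0",
      dist: {
        tarball: "https://registry.npmjs.org/axios/-/axios-1.14.0.tgz",
        attestations: {
          url: "https://registry.npmjs.org/-/npm/v1/attestations/axios@1.14.0",
          provenance: { predicateType: "https://slsa.dev/provenance/v1" },
        },
      },
    },
    "1.14.1": {
      version: "1.14.1",
      dist: { tarball: "https://registry.npmjs.org/axios/-/axios-1.14.1.tgz" },
    },
  },
};

// Constructed stand-in for the tag names returned by the GitHub releases API (or `git tag -l`).
const GITHUB_RELEASE_TAGS = ["v1.13.5", "v1.14.0"];

// Version strings in publication order. "time" also holds "created"/"modified", so keep
// only keys that are real versions.
function publishedVersions(packument) {
  return Object.keys(packument.time)
    .filter((k) => k in packument.versions)
    .sort((a, b) => Date.parse(packument.time[a]) - Date.parse(packument.time[b]));
}

// Heuristic 1: registry versions that have no "v<version>" release tag.
function versionsWithoutRelease(packument, releaseTags, tagPrefix = "v") {
  const tags = new Set(releaseTags);
  return publishedVersions(packument).filter((v) => !tags.has(tagPrefix + v));
}

// A version published with provenance carries dist.attestations.provenance.
function hasProvenance(versionMeta) {
  const dist = versionMeta.dist || {};
  return Boolean(dist.attestations && dist.attestations.provenance);
}

// Heuristic 2: versions whose immediate predecessor had provenance but which do not.
function provenanceDrops(packument) {
  const ordered = publishedVersions(packument);
  const drops = [];
  for (let i = 1; i < ordered.length; i++) {
    const prev = packument.versions[ordered[i - 1]];
    const cur = packument.versions[ordered[i]];
    if (hasProvenance(prev) && !hasProvenance(cur)) drops.push(ordered[i]);
  }
  return drops;
}

function auditPackument(packument, releaseTags) {
  return {
    package: packument.name,
    latest: packument["dist-tags"].latest,
    noRelease: versionsWithoutRelease(packument, releaseTags),
    provenanceDropped: provenanceDrops(packument),
  };
}

const AUDIT = auditPackument(PACKUMENT, GITHUB_RELEASE_TAGS);
console.log(JSON.stringify(AUDIT, null, 2));
```

To run it against live data, replace PACKUMENT with the JSON from https://registry.npmjs.org/axios and GITHUB_RELEASE_TAGS with the tag names from the repository's releases API. Neither signal is proof of compromise on its own: maintainers do publish by hand without cutting a release, and a project that never used provenance produces no drop, so the output is a triage queue, not a verdict.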

Unknowns

  • What is the confirmed compromise vector for the malicious Axios publishes (e.g., audit-log-confirmed token theft vs another mechanism)?
  • What was the real-world propagation and impact scope (how many downstream projects pulled the malicious versions, and in what environments did execution occur)?
  • What indicators of compromise (IOCs) and command-and-control details are associated with the plain-crypto-js malware, and what endpoints should be examined first?
  • What were the exact publication times, discovery time, and remediation actions (yanks, patches, advisory publication), and for how long were the malicious versions available?
  • Was trusted publishing actually adopted for Axios after the incident, and were manual token-based publishing paths disabled or restricted?

Investor overlay

Read-throughs

  • Organizations may increase spend on software supply chain security controls that detect registry-versus-source-release mismatches and malicious dependency injection.
  • Adoption of npm trusted publishing and CI-bound publishing identity controls could accelerate to reduce risk from leaked or misused long-lived publish tokens.
  • Downstream projects may prioritize dependency governance and monitoring for newly introduced transitive dependencies in high-download packages.

What would confirm

  • Public disclosure of the confirmed compromise vector for the malicious Axios publishes, such as audit-log evidence of token theft or another access mechanism.
  • Documented impact scope showing downstream propagation, environments where the malicious versions executed, and associated indicators of compromise and command-and-control details.
  • Remediation details including the exact publication and discovery timeline, yanks or patches, advisory issuance, and whether trusted publishing was adopted and manual token publishing restricted.

What would kill

  • Evidence showing minimal or no downstream installs of the malicious versions, limiting real-world execution and reducing the urgency of broad control changes.
  • Findings that the event was not a compromise of the maintainer publishing path, such as a reporting error or misattribution of package versions.
  • Clear proof that similar registry-versus-source mismatches are common benign workflow artifacts, weakening it as a reliable monitoring heuristic.

Sources