A sophisticated cyberattack has exposed a critical vulnerability in the npm JavaScript package registry, allowing hackers to inject malicious code into the widely used axios HTTP client library. The compromised versions, briefly live for three hours, contained a cross-platform remote access trojan (RAT) targeting macOS, Windows, and Linux systems. This incident highlights a fundamental flaw in the software supply chain where outdated authentication methods undermine even the most advanced security measures.
The Attack: Precision Targeting of a Core Dependency
Attackers exploited a long-lived npm access token belonging to a lead axios maintainer, bypassing modern security protocols like GitHub Actions CI/CD and SLSA provenance attestations. The malicious packages, axios@1.14.1 and axios@0.30.4, deployed a hidden dependency (plain-crypto-js@4.2.1 ) that executes a post-install script, silently installing the RAT on developer machines. The attackers staged the attack by first publishing a clean version of the malicious dependency to establish credibility before deploying the weaponized version.
This breach is particularly concerning given that axios powers approximately 80% of cloud and code environments, including React front-ends, CI/CD pipelines, and serverless functions. Wiz reports that over 100 million downloads per week rely on this library, meaning the potential reach of the attack is massive. Huntress detected first infections just 89 seconds after the malicious packages went live, with at least 135 compromised systems identified among its customers.
Recurring Pattern: Credential Compromise Remains the Core Weakness
This incident marks the third major npm supply chain compromise in seven months, all stemming from stolen maintainer credentials. Despite industry-wide efforts to harden the ecosystem after the Shai-Hulud worm in 2025 and subsequent vulnerabilities discovered by Koi Security, the fundamental issue remains: individual maintainer accounts are still the weakest link.
The attackers bypassed the project’s security stack by exploiting the fact that npm defaults to long-lived classic tokens if both OIDC and legacy tokens are present. This means that even with modern authentication mechanisms in place, an outdated credential can silently override them. As Merritt Baer, CSO at Enkrypt AI and former Deputy CISO at AWS, explains, “Modern controls get deployed, but if legacy tokens or keys aren’t retired, the system quietly favors them.”
Immediate Steps for Organizations
Organizations using Node.js should treat this as an active incident until clean systems are confirmed. The exposure window fell during peak development hours, and CI/CD pipelines may have automatically pulled the compromised versions.
The following steps are crucial:
- Check for Exposure: Search lockfiles and CI logs for the malicious
axiosversions (1.14.1,0.30.4) or the hidden dependency (plain-crypto-js). - Pin Dependencies: Immediately pin to known-good versions (
axios@1.14.0oraxios@0.30.3). - Assume Compromise: Rebuild affected machines from a known-good state and rotate all accessible credentials (npm tokens, AWS keys, SSH keys, CI/CD secrets).
- Block Command & Control: Add
sfrclak.comand142.11.206.73to DNS blocklists and firewall rules. - Scan for Artifacts: Check for RAT artifacts on affected systems (see original article for OS-specific locations).
The Bigger Problem: The Credential Gap Remains Open
The axios breach underscores a critical flaw in the software supply chain: reliance on individual maintainer accounts as the ultimate trust anchor. Despite industry efforts to improve security, credential compromise remains the primary attack vector. Until npm enforces mandatory provenance attestation or multi-party signing, the ecosystem will remain vulnerable.
As Baer concludes, “Credential compromise is the recurring theme across npm breaches… We mitigate risk. We don’t eliminate it.” The axios maintainer followed best practices, yet a legacy token undermined all of those efforts. The fundamental problem isn’t just weak passwords; it’s a structural flaw where outdated authentication methods silently override modern security measures.
