Axios npm Compromise Shows How Fast a Maintainer Token Can Become a Supply-Chain Incident
Original: Axios compromised on NPM – Malicious versions drop remote access trojan View original →
Hacker News rapidly amplified a serious npm supply-chain incident on March 31, 2026 after StepSecurity disclosed two malicious axios releases. The HN thread crossed 720 points and 233 comments the same day, reflecting how widely the JavaScript ecosystem depends on axios.
What happened
According to StepSecurity’s incident report, the compromised releases were [email protected] and [email protected]. StepSecurity says they were published with stolen npm credentials from a lead maintainer, outside the project’s normal GitHub Actions plus OIDC publishing flow. The report says the attacker changed the account email to a ProtonMail address and manually pushed poisoned builds with the npm CLI.
- The malicious axios packages added a runtime dependency,
[email protected]. - That package was not imported anywhere in axios source code; its role was to trigger a
postinstallscript. - StepSecurity says the script acted as a cross-platform RAT dropper for macOS, Windows, and Linux and called out to a live C2 server.
The report also lays out a detailed timeline. A clean-looking decoy package was published first, then a malicious [email protected], then the two axios versions 39 minutes apart. npm later removed the affected axios releases and replaced the dependency with a security-holder stub. StepSecurity’s conclusion is blunt: if a system installed [email protected] or [email protected], it should be treated as compromised.
Why it matters
This incident stands out because the attacker avoided obvious source-code tampering inside axios itself. Instead, the malicious logic lived in an added dependency and abused installation-time execution. That makes registry metadata, trusted publishing, and anomaly detection more important than a simple diff of application code.
For teams that pin or audit JavaScript dependencies, this is a reminder to check registry provenance, CI publishing identity, and any unexpected postinstall behavior before treating a release as safe. The original source is StepSecurity’s incident write-up; community discussion is in the Hacker News thread.
Related Articles
Cloudflare said on March 30, 2026 that its advanced Client-Side Security tools are now available to all users. Cloudflare's blog says the release combines graph neural networks with LLM triage, cuts false positives by up to 200x, and makes advanced client-side protections self-serve while adding complimentary domain-based threat intelligence in the free bundle.
A high-signal Hacker News thread tracks the Cline supply-chain incident and its five-step attack chain from prompt injection to malicious package publish. The key takeaway is that AI-enabled CI workflows need stricter trust boundaries and provenance controls.
HN latched onto Answer.AI's PyPI analysis because it puts numbers behind an uncomfortable question: AI may be accelerating iteration inside AI tools, but the broad software boom many people expected is still hard to see in public package data.
Comments (0)
No comments yet. Be the first to comment!