Axios npm Compromise Shows How Fast a Maintainer Token Can Become a Supply-Chain Incident
Original: Axios compromised on NPM – Malicious versions drop remote access trojan
Hacker News rapidly amplified a serious npm supply-chain incident on March 31, 2026 after StepSecurity disclosed two malicious axios releases. The HN thread crossed 720 points and 233 comments the same day, reflecting how widely the JavaScript ecosystem depends on axios.
What happened
According to StepSecurity’s incident report, the compromised releases were [email protected] and [email protected]. StepSecurity says they were published with stolen npm credentials from a lead maintainer, outside the project’s normal GitHub Actions plus OIDC publishing flow. The report says the attacker changed the account email to a ProtonMail address and manually pushed poisoned builds with the npm CLI.
- The malicious axios packages added a runtime dependency, [email protected].
- That package was not imported anywhere in axios source code; its role was to trigger a postinstall script.
- StepSecurity says the script acted as a cross-platform RAT dropper for macOS, Windows, and Linux and called out to a live C2 server.
The report also lays out a detailed timeline. A clean-looking decoy package was published first, then a malicious [email protected], then the two axios versions 39 minutes apart. npm later removed the affected axios releases and replaced the dependency with a security-holder stub. StepSecurity’s conclusion is blunt: if a system installed [email protected] or [email protected], it should be treated as compromised.
Why it matters
This incident stands out because the attacker avoided obvious source-code tampering inside axios itself. Instead, the malicious logic lived in an added dependency and abused installation-time execution. That makes registry metadata, trusted publishing, and anomaly detection more important than a simple diff of application code.
For teams that pin or audit JavaScript dependencies, this is a reminder to check registry provenance, CI publishing identity, and any unexpected postinstall behavior before treating a release as safe. The original source is StepSecurity’s incident write-up; community discussion is in the Hacker News thread.
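The pattern described above, a newly added dependency that nothing in the source imports and that exists only to run an install-time script, is cheap to check for before trusting a release. The following is an added example, not StepSecurity's or the axios project's code: it flags dependencies that declare an npm install hook but are never required or imported. The manifests and source snippets are constructed sample data; `constructed-hook-dep` is a placeholder name, not the real dependency.

```javascript
// npm lifecycle scripts that run automatically when a dependency is installed
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];

// Collect package names referenced by require()/import across source files,
// normalizing subpath imports ("pkg/sub", "@scope/pkg/sub") to the package name.
function importedModules(sourceFiles) {
  const found = new Set();
  const re = /(?:require\(\s*|from\s+|import\s+)['"]([^'"./][^'"]*)['"]/g;
  for (const text of sourceFiles) {
    for (const m of text.matchAll(re)) {
      const parts = m[1].split('/');
      found.add(m[1].startsWith('@') ? parts.slice(0, 2).join('/') : parts[0]);
    }
  }
  return found;
}

// Return dependencies that (a) run an install hook and (b) are never imported.
// Such a dependency has no reason to exist except its install-time side effect.
function suspiciousDeps(rootManifest, depManifests, sourceFiles) {
  const imported = importedModules(sourceFiles);
  const results = [];
  for (const name of Object.keys(rootManifest.dependencies || {})) {
    const dep = depManifests[name];
    if (!dep || !dep.scripts) continue;
    const hooks = INSTALL_HOOKS.filter((h) => h in dep.scripts);
    if (hooks.length > 0 && !imported.has(name)) {
      results.push({ name, hooks, scripts: hooks.map((h) => dep.scripts[h]) });
    }
  }
  return results;
}

// Constructed sample data: a root package.json, the manifests of its
// dependencies, and the root package's own source text.
const SAMPLE_ROOT = {
  dependencies: { 'form-data': '^4.0.0', 'constructed-hook-dep': '1.0.0' },
};
const SAMPLE_DEPS = {
  'form-data': { name: 'form-data', scripts: { test: 'mocha' } },
  'constructed-hook-dep': {
    name: 'constructed-hook-dep',
    scripts: { postinstall: 'node ./setup.js' }, // placeholder, not a real payload
  },
};
const SAMPLE_SOURCES = [
  "const FormData = require('form-data');\nmodule.exports = { FormData };",
  "import FormData from 'form-data/lib/form_data';",
];

console.log(suspiciousDeps(SAMPLE_ROOT, SAMPLE_DEPS, SAMPLE_SOURCES));
```

In a real audit the dependency manifests come from `node_modules/<name>/package.json` after a lockfile-respecting install, and a hit is a reason to inspect the script and the registry publishing metadata, not proof of compromise on its own.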