

Axios Hack Alert: Malicious npm Versions Drop RAT on macOS, Windows, and Linux

Attackers compromised axios's lead maintainer account to push RAT-dropping malware via npm. Check if you're affected now.

Developers relying on axios — the JavaScript HTTP client installed over 300 million times weekly — woke up Tuesday to a nightmare scenario: two versions of the package had been quietly weaponised to install a Remote Access Trojan (RAT) on their machines. No warning. No suspicious code in axios itself. Just a routine npm install that silently opened a backdoor.

Security researchers at StepSecurity and Socket confirmed that the attacker compromised the npm credentials of the lead maintainer of axios, changed the account's registered email to an anonymous ProtonMail address, and manually published two poisoned releases — [email protected] and [email protected] — bypassing the project's standard GitHub Actions CI/CD pipeline entirely.

The Trojan Horse No One Saw Coming

Neither malicious version contained a single line of harmful code inside axios itself. Instead, both releases injected a fake dependency — [email protected] — that is never imported anywhere in the axios source. Its sole function was to fire a postinstall script that deployed a cross-platform RAT dropper, contacting a live command-and-control (C2) server to deliver separate second-stage payloads for macOS, Windows, and Linux.

The attack was pre-staged with chilling precision. A clean decoy version of plain-crypto-js was published roughly 18 hours earlier to establish a publishing history on npm, making the account appear less suspicious to automated security scanners before the malicious payload was introduced.

What makes this attack particularly hard to investigate after the fact is its clean-up. Once the payload was running, the dropper deleted itself, removed the incriminating postinstall hook from the package's package.json and replaced it with a clean stub, so a developer inspecting node_modules afterwards would find nothing out of place. The durable evidence lives elsewhere: the lockfile entry that resolved plain-crypto-js, the registry metadata for the poisoned release, npm's install logs, and the host artifacts listed below.

Platform-specific payloads compounded the damage: macOS systems received a binary disguised under Apple's cache naming conventions, Windows machines got a PowerShell script that ran entirely hidden with execution policy bypassed, and Linux systems were hit with a Python RAT dropped silently into /tmp.

A key red flag in the npm registry metadata: recent legitimate axios 1.x releases are published from GitHub Actions through npm's OIDC Trusted Publisher mechanism, so each carries a provenance attestation binding the tarball to the workflow and commit that built it. [email protected] breaks that pattern entirely: it was published manually with a stolen npm access token, with no OIDC binding and no corresponding GitHub commit or tag.

What You Need to Do Right Now

If your project resolved [email protected] or [email protected], treat every machine and pipeline that ran the install as compromised and act immediately:

  • Downgrade: Pin to [email protected] (1.x users) or [email protected] (0.x users)
  • Hunt for artifacts: Check for /Library/Caches/com.apple.act.mond (macOS), %PROGRAMDATA%\wt.exe (Windows), or /tmp/ld.py (Linux)
  • Rotate everything: npm tokens, AWS keys, SSH keys, .env secrets, and any cloud credentials accessible at install time
  • Audit CI/CD logs: Any pipeline that ran npm install with these versions should have all secrets rotated
  • Harden going forward: run CI installs with --ignore-scripts so postinstall hooks cannot execute automatically. The flag also skips your own project's lifecycle scripts and those of the few packages that genuinely need them (native builds, for instance), so run those steps explicitly afterwards rather than turning the flag back off

The investigation is ongoing. Given axios's staggering download numbers, the potential blast radius of this attack — touching frontend frameworks, backend APIs, and CI pipelines alike — is among the most significant npm supply chain incidents on record.
