What if the most popular HTTP library in JavaScript was silently installing a remote access trojan on your development machine?
On March 31, 2026, that nightmare became reality. Two malicious versions of Axios — the JavaScript HTTP client used by over 70 million developers weekly — were published to npm. The payload? A multi-stage remote access trojan that targets Windows, macOS, and Linux alike. The attribution? Sapphire Sleet, a North Korean state-sponsored threat actor.
Here's the kicker: this wasn't a zero-day in Axios itself. The package's core code wasn't modified. Instead, the attacker — having compromised the lead maintainer's npm account through a targeted social engineering campaign — simply added a malicious dependency called plain-crypto-js@4.2.1 that runs silently during npm install. No user interaction required. No suspicious code changes visible in the main library. Just a quiet, automatic backdoor that activates the moment you update your dependencies.
The Attack in 3 Hours
The timeline is chilling in its efficiency:
- ~2 weeks before March 31: A social engineering campaign targets the Axios lead maintainer, ultimately compromising their machine with RAT malware.
- March 30, 05:57 UTC: The attacker publishes plain-crypto-js@4.2.0 to npm — the delivery vehicle.
- March 31, 00:21 UTC: axios@1.14.1 is published with the malicious dependency injected.
- March 31, ~01:00 UTC: axios@0.30.4 follows, carrying the same payload.
- March 31, ~01:00 UTC: First external detections fire. Community members start filing issues.
- Within hours: CISA issues an urgent alert. Microsoft Threat Intelligence attributes the attack to Sapphire Sleet. npm removes the malicious versions.
Three hours. That's all it took for a state actor to weaponize the most trusted HTTP library in the JavaScript ecosystem.
How It Actually Works
The technique is elegantly devious. The attacker didn't modify Axios's application logic — they didn't need to. Instead, they added a dependency (plain-crypto-js) that:
- Executes automatically via a post-install script during npm install or npm update
- Connects to attacker-controlled infrastructure at sfrclak.com
- Downloads a second-stage RAT payload tailored to the victim's operating system
- Establishes persistent backdoor access to the development environment
From there, the attacker can steal source code, manipulate applications, exfiltrate data, or pivot deeper into corporate networks. And because the malicious code only runs at install time — not during normal application execution — the app itself behaves completely normally, making detection significantly harder.
Are You Affected?
If you've run npm install or npm update with Axios versions 1.14.1 or 0.30.4 between March 31 and the takedown, you need to act immediately:
- Downgrade now: Revert to axios@1.14.0 or axios@0.30.3
- Delete the payload: Remove node_modules/plain-crypto-js/ from all projects
- Rotate everything: Cloud keys, npm tokens, SSH keys, CI/CD secrets — assume compromise
- Block C2: Deny all outbound connections to sfrclak.com
- Monitor: Watch for unexpected child processes and anomalous network behavior during npm operations
Check your lockfile with this one-liner:
grep -E "axios@(1\.14\.1|0\.30\.4)|plain-crypto-js" package-lock.json yarn.lock 2>/dev/null
If anything comes back, treat that machine as compromised.
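A more structural check than the grep above, added here as an example and not taken from the post or the Axios project. In a package-lock.json with lockfileVersion 2 or 3, each dependency sits under its node_modules path with the version in a separate field, so a literal axios@1.14.1 pattern will not match there; this script walks that map, reports the indicators the post names (including nested copies), and also lists every package that declares an install script, which is what ignore-scripts=true would block. The lockfile object below is constructed for the demonstration.

```javascript
// Added example, not from the post: scan a package-lock.json object (lockfileVersion 2/3)
// for the indicators the post lists, plus any package that declares an install script.
const AFFECTED_AXIOS = new Set(["1.14.1", "0.30.4"]); // versions named in the post
const MALICIOUS_PKG = "plain-crypto-js";                  // dependency named in the post

// "node_modules/a/node_modules/@s/b" -> "@s/b": the last segment after node_modules/
function packageName(lockPath) {
  const parts = lockPath.split("node_modules/");
  return parts[parts.length - 1];
}

// Returns one finding per known-bad axios version and per plain-crypto-js entry,
// including nested copies installed under other packages' node_modules.
function findIndicators(lock) {
  const hits = [];
  for (const [p, meta] of Object.entries(lock.packages || {})) {
    if (p === "") continue; // "" is the root project itself
    const name = packageName(p);
    if (name === "axios" && AFFECTED_AXIOS.has(meta.version)) {
      hits.push({ path: p, reason: `axios@${meta.version} is a known-bad version` });
    }
    if (name === MALICIOUS_PKG) {
      hits.push({ path: p, reason: `${MALICIOUS_PKG}@${meta.version} present` });
    }
  }
  return hits;
}

// Packages whose lock entry sets hasInstallScript, i.e. they run code during npm install.
// Reviewing this list shows what ignore-scripts=true would have prevented.
function installScriptPackages(lock) {
  return Object.entries(lock.packages || {})
    .filter(([p, meta]) => p !== "" && meta.hasInstallScript === true)
    .map(([p]) => packageName(p));
}

// Constructed sample lockfile: a bad top-level axios that pulls in the malicious
// dependency, and a clean nested axios under another library.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/axios": { version: "1.14.1", dependencies: { "plain-crypto-js": "4.2.1" } },
    "node_modules/plain-crypto-js": { version: "4.2.1", hasInstallScript: true },
    "node_modules/some-lib/node_modules/axios": { version: "1.14.0" },
  },
};

for (const f of findIndicators(sampleLock)) console.log(`${f.path}: ${f.reason}`);
console.log("install scripts:", installScriptPackages(sampleLock).join(", ") || "none");
```

To run it against a real project, replace sampleLock with JSON.parse of the project's package-lock.json contents; any finding from findIndicators means the machine should be treated as compromised per the steps above.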
The Bigger Picture: Supply Chain Is the New Battlefield
This isn't an isolated incident. The Axios compromise follows a pattern of increasingly sophisticated supply chain attacks targeting widely adopted open-source frameworks. From the Trivy compromise earlier this year to the xz Utils backdoor in 2024, the pattern is clear: compromise one popular package, and you potentially access thousands of downstream organizations.
CISA, Microsoft, GitHub, Socket, and StepSecurity have all weighed in with guidance. Their consensus? The old rules of dependency management aren't enough anymore.
How to Not Be Next
Here are the hardening steps every team should implement today:
- Phishing-resistant MFA on all developer accounts and deployment platforms — no exceptions
- Pin versions in production: Don't auto-update dependencies without review
- Lockfiles are law: Never run npm install without an existing lockfile in CI/CD
- Disable install scripts: Add ignore-scripts=true to your .npmrc
- Enforce release maturity: Use min-release-age=7 in .npmrc to avoid freshly published packages
- Scan dependencies: Use tools like Socket, Snyk, or Dependabot to catch anomalies before they reach production
- Assume breach: Segment developer environments from production secrets
What This Means for Open Source
The Axios incident exposes a painful truth: open-source sustainability and security are in direct tension. A library with 70 million weekly downloads was maintained by a small team with limited resources. One compromised maintainer account was all it took.
The maintainer — Jason Saayman — has since published a detailed post-mortem, disabled the compromised account, and is implementing security improvements including immutable releases, OIDC-based publishing, and hardened GitHub Actions. But the broader question remains: how many other popular packages are one social engineering email away from the same fate?
The JavaScript ecosystem runs on trust. And trust, it turns out, is the perfect attack surface.
Sources: Microsoft Security Blog, Axios GitHub Post-Mortem, CISA Alert, Orca Security Analysis