The npm ecosystem absorbed one of its most significant supply chain attacks on March 31, 2026, when two versions of Axios, the HTTP client library that sees over 100 million weekly downloads, were found to contain a fully functional Remote Access Trojan. The compromised releases, [email protected] and [email protected], were published to the npm registry via what appears to be a hijacked maintainer account and were live for a window long enough to reach an unknown number of developer environments before being removed.
The attack was first surfaced by Socket, whose automated malware scanner flagged the malicious transitive dependency [email protected] within six minutes of it appearing on the registry. That package had been seeded the previous day as a clean typosquat of the legitimate crypto-js library, then poisoned in a coordinated second publish timed to coincide with the Axios release. Both the 1.x and 0.x branches of Axios were poisoned within 39 minutes of each other, meaning any project floating on a caret range such as ^1.14.0 or ^0.30.0 would have silently pulled in the malicious code on its next install.
Neither version appears in the official Axios GitHub release tags, a break from the project’s normal publish workflow that security researchers on GitHub flagged immediately. A collaborator noted publicly that the attacker’s npm permissions exceeded their own, briefly preventing the team from revoking access. An Axios maintainer subsequently confirmed they are investigating how the compromise occurred, with early analysis pointing to a long-lived npm token used alongside trusted publishing as a likely attack vector.
Feross Aboukhadijeh, founder of Socket, posted on X:
Every npm install pulling the latest version is potentially compromised right now. Socket AI analysis confirms this is malware.
Andrej Karpathy also shared his own close call, writing:
Scanning my system I found a use imported from googleworkspace/cli from a few days ago when I was experimenting with gmail/gcal cli. The installed version (luckily) resolved to an unaffected 1.13.5, but the project dependency is not pinned, meaning that if I did this earlier today the code would have resolved to latest and I’d be pwned.
He went on to call for defaults in package managers to change so that a single compromised package cannot spread through users at random via unpinned dependencies. Discussion on Hacker News echoed this, with one commenter noting that setting ignore-scripts=true in ~/.npmrc would alone have mitigated the vulnerability, and observing that both Bun and pnpm do not run install scripts by default.
Any project affected should roll back immediately. The Axios team has formally deprecated the compromised versions on the registry. Projects using alternative HTTP clients such as the native fetch API, got, or ky were not affected. Unlike Axios, those libraries carry no native browser polyfill concerns and ship with significantly smaller dependency trees, a distinction that has prompted renewed conversation in the community about dependency minimalism as a security posture. Wiz, Snyk, Aikido, and StepSecurity have each published detailed incident analyses and remediation guidance.
