Axios npm Package Breach: What You Need to Know

 


The Cybersecurity and Infrastructure Security Agency issued a formal alert on April 20, warning that the widely used Axios npm package was compromised on March 31, with two poisoned versions deploying a cross-platform remote access trojan onto developer machines, CI/CD pipelines, and build servers worldwide. The advisory, coming nearly three weeks after the initial attack, urges all organizations using Axios to assume compromise if they installed updates during the exposure window and to immediately rotate credentials.

What Happened

On March 31, an attacker hijacked the npm account of Axios lead maintainer Jason Saayman and published two backdoored releases — versions 1.14.1 and 0.30.4 — within 39 minutes of each other. The compromised versions introduced a phantom dependency called plain-crypto-js@4.2.1, a typosquat of the legitimate crypto-js library, which executed a postinstall script to download platform-specific RAT payloads targeting Windows, macOS, and Linux. The malicious packages were live on the npm registry for roughly three hours before being detected and removed.

Both Microsoft and Google attributed the attack to North Korean state-backed threat actors. Microsoft Threat Intelligence identified the group as Sapphire Sleet, while Google Threat Intelligence Group tracked the activity under UNC1069. The attacker bypassed the project's normal GitHub Actions CI/CD pipeline by publishing directly with a stolen npm access token, leaving no corresponding commits or tags in the Axios GitHub repository.

CISA's Guidance

CISA's alert instructs organizations to downgrade immediately to axios@1.14.0 or axios@0.30.3, delete the malicious plain-crypto-js dependency from all environments, and rotate all potentially exposed credentials including version control system tokens, CI/CD secrets, cloud keys, npm tokens, and SSH keys. The agency also recommends blocking outbound connections to Sfrclak[.]com domains, conducting endpoint detection and response hunts for indicators of compromise, and mandating phishing-resistant multifactor authentication across all developer accounts.

Among the longer-term hardening measures, CISA advises setting ignore-scripts=true in npm configuration files to prevent install-time script execution and adopting a minimum release age of seven days before installing new package versions.
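The two checks CISA asks for in the passages above (find the poisoned versions and the phantom dependency in your trees, and stop installing packages younger than a set age) are easy to automate against a `package-lock.json`. The script below is an added example, not code from the article, from CISA or from the Axios project. It embeds a constructed lockfile (the `sampleLock` object, lockfile version 3 shape) and constructed registry publish timestamps so it runs offline; the version numbers it flags are the ones named in the article, while the dates, the `demo-app` name and the helper names are assumptions made for the example.

```javascript
// Added example: audit an npm lockfile for the Axios compromise and apply a
// minimum-release-age policy. Not part of the original article.

// Versions named in the CISA alert as compromised, and the downgrade it recommends.
const COMPROMISED = {
  axios: { "1.14.1": "1.14.0", "0.30.4": "0.30.3" },
  "plain-crypto-js": { "4.2.1": null }, // phantom dependency: remove, no safe version
};

// Constructed lockfile (lockfileVersion 3 layout) standing in for a real package-lock.json.
const sampleLock = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { axios: "^1.14.0" } },
    "node_modules/axios": {
      version: "1.14.1",
      dependencies: { "plain-crypto-js": "4.2.1" },
    },
    "node_modules/plain-crypto-js": { version: "4.2.1", hasInstallScript: true },
    "node_modules/follow-redirects": { version: "1.15.9" },
  },
};

// Package name from a lockfile path such as "node_modules/@scope/pkg" or
// "node_modules/a/node_modules/b" (nested installs).
function packageNameFromPath(lockPath) {
  const marker = "node_modules/";
  return lockPath.slice(lockPath.lastIndexOf(marker) + marker.length);
}

// Walk every installed package and report known-bad versions, any presence of
// the phantom dependency, and packages that declare install-time scripts.
function auditLockfile(lock) {
  const findings = [];
  for (const [lockPath, entry] of Object.entries(lock.packages || {})) {
    if (lockPath === "") continue; // root project entry
    const name = packageNameFromPath(lockPath);
    const version = entry.version;
    const bad = COMPROMISED[name];
    if (bad && version in bad) {
      findings.push({
        name,
        version,
        reason: "known-compromised version",
        action: bad[version] ? `downgrade to ${name}@${bad[version]}` : "remove package",
      });
    } else if (name === "plain-crypto-js") {
      findings.push({ name, version, reason: "phantom dependency present", action: "remove package" });
    }
    if (entry.hasInstallScript) {
      findings.push({ name, version, reason: "declares install script", action: "review; ignore-scripts=true blocks it" });
    }
  }
  return findings;
}

// Convenience wrapper for the raw JSON text of a lockfile.
function auditLockfileJson(text) {
  return auditLockfile(JSON.parse(text));
}

// Minimum-release-age gate: a version published less than `minDays` before
// `nowIso` is rejected. `publishedIso` comes from the registry's `time` map
// for that package (constructed values are used in this example).
function isOldEnough(publishedIso, nowIso, minDays = 7) {
  const ageMs = Date.parse(nowIso) - Date.parse(publishedIso);
  if (Number.isNaN(ageMs)) throw new Error("invalid timestamp");
  return ageMs >= minDays * 24 * 60 * 60 * 1000;
}

// Constructed registry `time` entries (not the real publish times).
const samplePublishTimes = {
  "1.14.0": "2026-03-10T09:00:00Z",
  "1.14.1": "2026-03-31T12:00:00Z",
};

// Pick the newest version that satisfies the release-age policy.
function newestAllowedVersion(times, nowIso, minDays = 7) {
  const allowed = Object.entries(times)
    .filter(([, published]) => isOldEnough(published, nowIso, minDays))
    .map(([version]) => version);
  return allowed.length ? allowed[allowed.length - 1] : null;
}

console.log(JSON.stringify(auditLockfile(sampleLock), null, 2));
console.log("newest allowed:", newestAllowedVersion(samplePublishTimes, "2026-04-02T00:00:00Z"));
```

In a real run, `auditLockfileJson` would be fed the contents of `package-lock.json` from each repository and CI image, and the `time` map would come from the registry metadata for the package; the `.npmrc` line `ignore-scripts=true` from the guidance above is what neutralises the `hasInstallScript` finding at install time, since postinstall hooks like the one the phantom dependency used then never execute.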

Broader Implications

Huntress reported observing at least 135 endpoints across its partner base contacting the attacker's command-and-control infrastructure during the exposure window. Axios sees over 100 million weekly downloads and underpins more than 174,000 dependent packages, giving the attack an outsized blast radius across the JavaScript ecosystem. The incident underscores persistent weaknesses in open-source supply chain security — a single compromised maintainer account turned one of npm's most trusted packages into a malware delivery mechanism.

As the Axios project's own post-mortem noted, the malicious versions "exist only on npm" with no trace in the source repository, highlighting the gap between code review protections and registry-level publishing controls.