One compromised npm publish token. 174,000 dependent projects. Over 100 million weekly downloads. A remote access trojan deployed in 1.1 seconds — and then the evidence deleted itself.
The Axios npm supply chain attack dropped today. We ran detection on our EC2 infrastructure immediately. Here's the full breakdown: what happened, how to check if you're affected, and what it means for organizations that depend on the JavaScript ecosystem — which is most of them.
Compromised Versions: axios@1.14.1 and axios@0.30.4
Malicious Dependency: plain-crypto
First Reported By: socket.dev
Impact: Remote Access Trojan (RAT) deployed via postinstall script
What Happened
An attacker compromised an npm publish token for the Axios package — the most popular HTTP client in the JavaScript ecosystem. Using the stolen token, they published two malicious versions:
- axios@1.14.1 — targeting projects on the latest major version
- axios@0.30.4 — targeting legacy projects still on the 0.x branch
Both versions added a new dependency: plain-crypto. This package didn't do any cryptography. It was a dropper.
The Attack Chain
Malicious axios versions add plain-crypto as a dependency. It installs automatically with npm install.
plain-crypto defines a postinstall script that executes immediately after installation. No user action required. No prompt. No warning.
The postinstall script writes a file called setup.js to disk. The payload is obfuscated using XOR + Base64 encoding — enough to evade most static analysis and pattern-matching scanners.
setup.js executes and establishes a remote access trojan — full reverse shell capability. The attacker can execute arbitrary commands, exfiltrate data, move laterally, or deploy additional payloads.
After execution, setup.js deletes itself. The dropper removes its own evidence. If you weren't watching in real time, you wouldn't know it happened.
Translation for leadership: If anyone in your organization ran npm install on a project that uses axios during the window these versions were live, the attacker may have had full remote access to that machine. CI/CD servers, developer laptops, staging environments, production builds — anything that ran the install.
Indicators of Compromise (IoCs)
| Indicator | Type | Description |
|---|---|---|
| axios@1.14.1 | Package Version | Compromised latest-branch version |
| axios@0.30.4 | Package Version | Compromised legacy-branch version |
| plain-crypto | Malicious Dependency | Dropper package added by compromised axios |
| setup.js | Dropper File | XOR+Base64 obfuscated RAT loader (self-deleting) |
| if.stoppro.mme | Email / C2 Indicator | Associated with the attacker infrastructure |
| Postinstall script | Execution Vector | Automatic execution on npm install |
Detection Commands
Run these on every machine that builds or deploys JavaScript projects. CI/CD servers first.
If any of these return results: the machine is hostile. Rotate all credentials. Revoke all tokens. Rebuild from a clean image. Do not attempt to "clean" the machine — you cannot trust it.
QSL EC2 Scan Results: Clean
We ran the full detection suite on our EC2 production infrastructure immediately. Here are the results:
QSL EC2 Infrastructure — CLEAN
- No `plain-crypto` in any lockfile — searched every `package-lock.json` on disk
- No compromised axios versions — all installs on 1.13.4 / 1.13.5 (current stable)
- No suspicious `setup.js` files — no recently-created dropper artifacts
- No malicious processes running — no `plain-crypto` or `setup.js` in process table
- CrawDaddy has zero axios surface — uses native `fetch` + `ethers`, no axios dependency
Our AI agent security scanner, CrawDaddy, was never exposed because it doesn't use axios at all. The payment watcher uses Express with native HTTP. The OpenClaw seller runtime uses the built-in fetch API. This is why dependency minimalism matters — every dependency you don't have is an attack surface that can't be compromised.
Remediation Checklist
Immediate (Do Now)
- Run the detection commands above on all build machines, CI/CD servers, and developer workstations
- Pin axios to a known-good version: `"axios": "1.13.5"` (do not use `^` or `~` range)
- If compromised: assume full breach. Rotate ALL secrets, tokens, API keys, and credentials the machine had access to
- Check CI/CD pipeline logs for `npm install` runs during the attack window
Short-Term (This Week)
- Enable `npm audit` in CI pipelines and fail builds on critical advisories
- Add `--ignore-scripts` as default for CI installs where postinstall hooks aren't needed
- Review all projects for `plain-crypto` in dependency trees: `npm ls plain-crypto`
- Implement lockfile integrity checks — alert on unexpected dependency additions
Long-Term (This Quarter)
- Adopt a software composition analysis (SCA) tool that monitors for dependency hijacks in real time
- Generate and maintain Software Bills of Materials (SBOMs) for all production applications
- Minimize dependency surface — every package you add is trust you're extending. Use native APIs where possible.
- Require 2FA and publish token rotation for all npm accounts in your organization
- Consider private npm registries with allow-listing for approved packages
HIPAA Note for Healthcare Organizations
HIPAA Breach Notification: If any system that processes, stores, or transmits Protected Health Information (PHI) was running a compromised axios version, this constitutes a security incident that may trigger the 60-day breach notification clock under the HIPAA Breach Notification Rule (45 CFR §§ 164.400-414).
The 60-day clock starts at discovery, not confirmation. Reading this article and running detection is a discovery event. If you find compromise, your notification obligation has already begun.
Healthcare organizations should:
- Document the date and time you ran detection commands (your discovery timestamp)
- If `plain-crypto` is found on any PHI-adjacent system, initiate your incident response plan immediately
- Engage legal counsel to assess breach notification requirements
- Preserve all logs — the RAT self-deletes, but npm cache, network logs, and system journals may retain evidence
- Report to HHS OCR if the breach affected 500+ individuals
The Bigger Picture
This is the same story as XZ Utils. The same story as SolarWinds. The same story as event-stream. The supply chain is the attack surface now.
One compromised npm token on one unpaid maintainer's account. 174,000 projects at risk. Static analysis missed it. Your firewall missed it. It arrived through a trusted package manager, a trusted library, and a trusted account.
"The attacker didn't break in. They walked in through the front door with someone else's keys."
The XOR + Base64 obfuscation in the dropper was simple — deliberately so. It didn't need to be sophisticated. It just needed to survive the 1.1 seconds between npm install and full remote access. By the time any scanner could have flagged it, the RAT was running and the dropper was gone.
This is why Quantum Shield Labs builds security tools that assume the dependency chain is hostile. CrawDaddy scans for quantum-vulnerable cryptography, exposed secrets, and supply chain risk because the modern threat model requires it. The XZ backdoor was discovered by luck. This one was discovered by socket.dev's automated analysis. Next time might be neither.
Sources & Further Reading
- socket.dev — original disclosure and analysis of compromised axios versions
- npm security advisory for axios@1.14.1 and axios@0.30.4
- HIPAA Breach Notification Rule — 45 CFR §§ 164.400-414
- NIST SP 800-161 Rev. 1 — Cybersecurity Supply Chain Risk Management
- OpenSSF Scorecard — automated security health metrics for open source projects