⚠️ Axios Supply Chain Attack — If You Installed Yesterday, Check This

Yesterday (March 31, 2026), one of the most widely used npm packages — axios — was compromised in a supply chain attack. If you (or your CI) ran npm install during a short window, there’s a real chance your environment pulled malicious code. No panic — but you should check. 🚨 What actually happened? A maintainer account was compromised Malicious versions of axios were published: [email protected] [email protected] These versions pulled in a hidden dependency: plain-crypto-js The scary part? 👉 The malware ran automatically via a postinstall script 👉 You didn’t even need to import axios 👉 It targeted macOS, Linux, and Windows 🎯 What it tried to steal: ENV variables Cloud credentials (AWS / GCP / Azure) SSH keys Tokens and secrets 🧪 How to check if you're affected If you installed dependencies between: 00:21 UTC – 03:20 UTC (March 31) Check your lockfile — not just package.json. Look for: [email protected] [email protected] plain-crypto-js Quick check: grep -E "axios" package-lock.json | grep -E "1\.14