lazarusholic


axios Compromised: A Supply Chain Attack on npm's Most Popular HTTP Client

2026-03-31, Koi
https://www.koi.ai/blog/axios-compromised-a-supply-chain-attack-on-npms-most-popular-http-client
#Axios #NPM

Contents

On March 31, 2026, two malicious versions of axios - the most popular HTTP client in the JavaScript ecosystem with over 100 million weekly downloads - were published to npm. Both versions deployed a cross-platform remote access trojan (RAT) onto every machine that installed them.
This wasn't a typosquat. This wasn't a lookalike. This was the real axios package, published by a compromised maintainer account, targeting both the modern 1.x and legacy 0.x release branches simultaneously.
If you installed [email protected] or [email protected], assume your system is compromised.
How We Caught It
Our risk engine, Wings, flagged both releases within minutes of publication. The signals were immediate and unambiguous: a new runtime dependency that had never appeared in any prior axios release, a postinstall hook executing an obfuscated script, and outbound network connections to an unknown external domain during installation.
Koi customers with policy enforcement enabled had both versions blocked automatically. The malicious packages never reached their developer machines.
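The first two signals described above (a runtime dependency absent from every prior release, and an install-time lifecycle hook) can be checked from package manifests alone. The following is an added example, not code from Koi or the axios project; the package names, versions and manifests are constructed, and it does not cover the third signal (network activity during installation), which needs a sandboxed install.

```javascript
// Added example: constructed manifests, hypothetical package names.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Names of runtime dependencies seen in any prior release.
function knownDependencies(priorManifests) {
  const seen = new Set();
  for (const m of priorManifests) {
    for (const name of Object.keys(m.dependencies || {})) seen.add(name);
  }
  return seen;
}

// Install-time lifecycle scripts declared by a manifest.
function installHooks(manifest) {
  const scripts = manifest.scripts || {};
  return INSTALL_HOOKS.filter((h) => typeof scripts[h] === "string")
    .map((h) => ({ package: manifest.name, hook: h, command: scripts[h] }));
}

// Compare a candidate release with its history and return findings.
// depManifests: map of dependency name -> that dependency's package.json.
function auditRelease(priorManifests, candidate, depManifests = {}) {
  const known = knownDependencies(priorManifests);
  const newDeps = Object.keys(candidate.dependencies || {})
    .filter((name) => !known.has(name));
  const hooks = installHooks(candidate);
  for (const name of newDeps) {
    if (depManifests[name]) hooks.push(...installHooks(depManifests[name]));
  }
  return { newDeps, hooks, flagged: newDeps.length > 0 || hooks.length > 0 };
}

// Constructed sample data (not taken from the real packages).
const prior = [
  { name: "example-http-lib", version: "1.0.0", dependencies: { "stable-dep": "^4.0.0" } },
  { name: "example-http-lib", version: "1.0.1", dependencies: { "stable-dep": "^4.0.0" } },
];
const candidate = {
  name: "example-http-lib", version: "1.0.2",
  dependencies: { "stable-dep": "^4.0.0", "new-helper-dep": "^1.0.0" },
};
const deps = {
  "new-helper-dep": { name: "new-helper-dep", scripts: { postinstall: "node setup.js" } },
};

console.log(JSON.stringify(auditRelease(prior, candidate, deps), null, 2));
```

A finding here is a reason to hold the release for review before it reaches developer machines or CI, not proof of compromise.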
The …

IoC
