The Cybersecurity and Infrastructure Security Agency (CISA) issued a formal alert on April 21, 2026, regarding a critical supply chain compromise of the Axios npm package. Axios, a ubiquitous promise-based HTTP client for JavaScript with over 100 million weekly downloads, was weaponized to deliver a cross-platform Remote Access Trojan (RAT). The agency is urging organizations to immediately audit their development environments and CI/CD pipelines for indicators of compromise.

According to CISA and forensic reports from security firms, the breach began on March 31, 2026, when an unauthorized actor gained access to the npm account of the lead maintainer. The attacker did not go through the project's GitHub Actions OpenID Connect (OIDC) Trusted Publisher workflow at all; instead, two backdoored releases, axios@1.14.1 and axios@0.30.4, were published straight from the npm command-line interface (CLI) with a long-lived access token that was still valid on the account. Both releases added a phantom dependency, plain-crypto-js@4.2.1, that appears nowhere in the legitimate Axios codebase. A version published this way is not built in the project's CI and so carries no npm provenance attestation, which is a quick thing to check when an unexpected release appears.

The malicious dependency ran a postinstall lifecycle script whenever the package was installed or updated. That script deployed a multi-stage payload that installed a persistent RAT on macOS, Windows, and Linux hosts. The malware harvested environment variables, version control system (VCS) tokens, cloud provider keys, and Secure Shell (SSH) keys, the material a developer workstation or CI runner typically holds, and sent it to command-and-control (C2) infrastructure hosted on Sfrclak[.]com domains. CISA also noted anti-forensics behaviour: the malware deleted itself and replaced its files with clean decoys, so the absence of a suspicious file on a host is not evidence that it was never installed.

The impact of the compromise extends beyond standard IT infrastructure. CISA highlighted significant risks to operational technology (OT) environments, where Axios is frequently embedded in industrial web dashboards, edge gateways, and IIoT applications. While the library does not directly control industrial hardware, its presence in the connective tissue between IT and OT layers provides a potential entry point for lateral movement into sensitive industrial networks.

CISA's remediation guidance directs organizations to pin Axios back to the last clean releases, axios@1.14.0 or axios@0.30.3, delete the node_modules/plain-crypto-js/ directory, and rotate every credential that was present on an affected system, including the environment variables, VCS tokens, cloud keys, and SSH keys the malware targeted. Deleting the directory removes the installed artifact but not the lockfile entry that would reinstall it on the next npm ci, so lockfiles must be regenerated or corrected as well. CISA additionally recommends organization-wide npm configuration changes: ignore-scripts=true, which stops npm from running install-time lifecycle scripts (the mechanism this payload relied on; packages that legitimately need a build step must then be handled explicitly), and min-release-age=7, which keeps versions published within the last seven days out of installs so that a malicious release is more likely to be noticed and removed before it lands. The agency further advised blocking all outbound traffic to the known malicious domains and enforcing phishing-resistant multifactor authentication (MFA) on all developer accounts.

This incident underscores the open-source ecosystem's continuing exposure to maintainer account takeover, and a specific limitation of automated publishing: an OIDC Trusted Publisher workflow does not protect a package while a long-lived publish token for the same account remains valid. CISA continues to coordinate with the npm registry and the Axios development team to monitor for further malicious activity.