Axios npm Supply Chain Attack: Rogue Dependency Hijacks CI/CD

Name: Millions of JS devs just got penetrated by a RAT…
Uploaded: 2026-03-31T19:29:04.334361+00:00
Duration: 4 min 58 s
Channel: Fireship
Description: Summary and key takeaways on Axios npm Supply Chain Attack: Rogue Dependency Hijacks CI/CD, covering The Axios Compromise On March 31 2026, the popular

Fireship

Mar 31, 2026

•

4 min video

•

3 min read

YouTube video ID: o7NYXvYohYk

Source: YouTube video by Fireship — Watch original video

PDF

On March 31 2026, the popular JavaScript library Axios—downloaded over 100 million times each week—was breached through two malicious versions published to the npm registry. The attacker did not inject malicious code into Axios itself; instead, a rogue dependency named plain-crypto-JS was added to the release. This supply‑chain attack targets developer machines and CI/CD servers, allowing the attacker to infiltrate build pipelines and production environments.

“The two different malicious versions of Axios were published to the MPM registry that contained a highly sophisticated supply chain attack that compromises developer machines and CI/CD servers.”
“The scariest thing is that Axios itself contains zero lines of bad source code.”

Identification and Remediation

Developers should first inspect their package.json for the compromised Axios versions. If those versions appear, the next step is to look inside node_modules for a folder named plain-crypto-JS. Presence of this folder indicates the malicious dependency has been installed.

System‑specific commands can then be run to detect the embedded Remote Access Trojan (RAT). Simply deleting the RAT is not enough; all exposed API keys and tokens—such as AWS or OpenAI credentials—must be rotated immediately. Comprehensive remediation guidance is available from Step Security.

Attack Mechanism

The breach originated from a compromised npm maintainer account. Unlike typical automated releases, the attacker used a Proton Mail address to publish the malicious packages, bypassing the usual GitHub action workflow.

The rogue plain-crypto-JS package contains a post‑install script that functions as a rat dropper. When npm install triggers the script, it first detects the host operating system, contacts a command‑and‑control server, and fetches a second‑stage payload tailored to that OS. The payload writes itself to disk, establishes remote access, exfiltrates credentials, and then erases its own traces—including the post‑install script and modifications to package.json—so that npm audit reports no issues.

“The script will first detect the system you're running, then reach out to a remote command and control server where it can fetch a second stage payload tailored to your operating system.”
“It deletes itself, it deletes the package JSON and removes the post install script among other things so that the end result is running npm audit that doesn't raise any red flags.”

Rat Dropper Lifecycle

Trigger – npm install runs the post‑install script in plain-crypto-JS.
Detection – The script identifies the host OS.
Fetch – It contacts a C2 server to download a matching second‑stage payload.
Execution – The payload is written to disk and executed, establishing remote access.
Exfiltration – The RAT steals credentials (e.g., AWS, OpenAI keys) and other sensitive files.
Cleanup – The script removes itself, alters package.json, and deletes the post‑install script, evading audit tools.

Security Remediation

Verify package.json for the compromised Axios versions.
Search node_modules for plain-crypto-JS.
Run the recommended detection commands for your operating system.
Delete the RAT and rotate every API key and token immediately.
Follow Step Security’s step‑by‑step remediation guide for additional hardening measures.

Takeaways

The Axios library was compromised through two malicious versions published to npm, using a rogue dependency rather than altering Axios code.
The rogue dependency, named plain-crypto-JS, runs a post‑install script that drops a remote‑access trojan tailored to the host OS.
The trojan steals credentials such as AWS and OpenAI keys, then deletes its own files and package metadata to evade npm audit detection.
Developers can identify infection by checking package.json for the malicious Axios versions and looking for a plain-crypto-JS folder in node_modules, then running system‑specific detection commands.
Immediate remediation requires removing the RAT, rotating all API keys and tokens, and following Step Security’s detailed guidance.

Frequently Asked Questions

How does the plain-crypto-JS post‑install script deliver the remote‑access trojan?

The script activates during npm install, detects the host operating system, contacts a command‑and‑control server, and downloads a second‑stage payload specific to that OS. The payload is then written to disk, executed to establish remote access, and finally erases its own traces to avoid detection.

What steps should developers take to remediate the compromised Axios dependency?

Developers must check package.json for the malicious Axios versions, locate the plain-crypto-JS folder in node_modules, run system‑specific detection commands, delete the RAT, and immediately rotate all exposed API keys and tokens. Following Step Security’s remediation guide adds further protection.

Who is Fireship on YouTube?

Fireship is a YouTube channel that publishes videos on a range of topics. Browse more summaries from this channel below.

Does this page include the full transcript of the video?

Yes, the full transcript for this video is available on this page. Click 'Show transcript' in the sidebar to read it.

Helpful resources related to this video

If you want to practice or explore the concepts discussed in the video, these commonly used tools may help.

Hardware Security Key For Two Factor Authentication Recommended

A physical security key provides hardware-based MFA, which prevents attackers from accessing accounts even if they steal credentials via a RAT.

Amazon →

Book On Software Supply Chain Security

Provides foundational knowledge on how to audit dependencies and secure development environments against sophisticated supply chain attacks.

Amazon →

Offline Password Manager Hardware Device

Storing sensitive API keys and credentials in an offline, encrypted hardware device prevents them from being exfiltrated by remote access trojans.

Amazon →

Links may be affiliate links. We only include resources that are genuinely relevant to the topic.

Summarize another video

Full Transcript YouTube

If you're a JavaScript developer, I have
some bad news. But put down your artisal
soy milk latte and find a safe space to
watch this video because it will almost
certainly make you cry. I can hardly
keep it together myself because
yesterday a precisiong guided remote
access Trojan or RAT was discovered in
Axios, a library with over 100 million
weekly downloads on npm. For over a
decade, countless developers have turned
to Axios to improve the developer
experience when making HTTP requests in
Node.js in the browser. But now that
improved developer experience just
turned into non-consentual backdoor
penetration by a magnumsized Trojan. The
two different malicious versions of
Axios were published to the MPM registry
that contained a highly sophisticated
supply chain attack that compromises
developer machines and CI/CD servers. If
you use Axios and are running either of
these versions, the quick fix is to go
into your garage, find a sledgehammer,
destroy your machine, fake your own
death, and then move to a remote village
in the Siberian tundra. And I'm not
exaggerating. If your system is
compromised, the rat could already have
access to your AWS credentials, your
OpenAI API keys, and everything else in
your file. It's a bad one. And in
today's video, we'll break down one of
the most sophisticated npm hacks the
world has ever seen. It is March 31st,
2026, and you're watching the code
report. Over 10 years ago, Axios became
extremely popular after it made HTTP
requests promise-based instead of
callback based. But now today, every
JavaScript runtime supports fetch
natively, which in theory should have
made Axios obsolete. Yet many developers
still prefer to use this thirdparty
library over the native web platform.
Unfortunately though, optimizing for DX
with a third party library just went
horribly wrong. And the scariest thing
is that Axios itself contains zero lines
of bad source code. Instead of just
hard- coding a crypto miner into the
package like a noob, the attacker
slipped a rogue dependency into the
release. It triggered a post install
script that pulled down a remote access
Trojan from a command and control server
that then wiped its own footprints so
everything looked clean after the
install. Before we go into details
though, let's take a minute to find out
if you've been penetrated. First, go
into your package JSON file and find out
if you have either of these versions of
Axios installed. If you answered yes,
this package may have run a postinstall
script to install another package called
plain-crypto-JS.
Then go into your node modules and see
if you have this package installed
there. If your project tests positive
for this package, you can then run these
commands from Mac, Windows, and Linux to
find out if there's an actual RAT living
on your machine or remote access Trojan.
If the RAT file is found, you are
screwed. Your system is compromised, and
simply deleting the RAT is not enough.
You'll want to immediately roll all API
keys and tokens and follow this guide
over at Step Security for more
instructions. But the big question is,
how did this even happen? Well, it
starts almost the same way every other
hack starts. that the project
maintainer's npm account was
compromised. Normally releases are
published with a GitHub action, but in
the malicious versions, they were
published under a Proton Mail address.
The attacker obtained an npm access
token to publish these packages, but how
they actually obtained it is unclear at
this point. In any case, the attacker
maintained another package called plain
crypto.js that looks identical to the
legitimate cryptojs package. Most
importantly, the bad version of this
package contains a post install script
that runs some JavaScript code to
install the RAT on your machine. It's
called the rat dropper. And although the
code was obiscated, is step security was
able to analyze it. The rat dropper
works by piggybacking on npm installs
life cycle. The script will first detect
the system you're running, then reach
out to a remote command and control
server where it can fetch a second stage
payload tailored to your operating
system. Once downloaded, it then writes
the payload to disk that then executes
it to establish remote access at which
point it can steal your credentials
remotely and do all kinds of other bad
stuff. And then finally, it cleans up
after itself to avoid detection. It
deletes itself. It deletes the package
JSON and removes the post install script
among other things so that the end
result is running mpm audit that doesn't
raise any red flags. And that's the
story of how a single MPM install turned
your machine into a botnet, which really
makes you appreciate rocksolid platforms
like MX, the sponsor of today's video.
Their highly customizable API is by far
the easiest way to host and stream
videos in your application. But now, it
also gives you building blocks that let
you program against your videos. You can
use their API and SDKs to get captions,
clips, and other video data to build
powerful features like video search and
content moderation without having to
roll your own infrastructure. MX also
stewards the web's most popular
open-source video player. Video.js,
which just launched a fully rebuilt
version 10 that's 88% smaller and a lot
more modern. The companies like Cursor
and Patreon use Muk for all their video
features, and the free tier gets you 10
videos and 100,000 delivery minutes per
month. Plus, you'll get an extra $50 in
credits if you sign up today at
mx.com/fireship.
This has been the Code Report. Thanks
for watching, and I will see you in the
next one.