What Happened
StepSecurity’s behavioral monitoring system flagged an anomalous npm release on March 30, 2026, within 14 minutes of publication. Two malicious versions of the axios HTTP client library — v1.14.1 and v0.30.4 — had been published to the npm registry after an attacker compromised the npm account of lead maintainer “jasonsaayman” and changed its registered email address to a Proton Mail address under their control.
The malicious versions introduce a new dependency, plain-crypto-js@4.2.1, which does not appear anywhere in the legitimate axios source code. The package’s sole function is executing a postinstall script that drops a cross-platform remote access trojan on macOS, Windows, and Linux. On installation, the script profiles the operating system, contacts a live command-and-control server, and delivers platform-specific second-stage payloads. After execution, the malware deletes itself and overwrites its own package.json with a clean version to obstruct forensic analysis.
The attack is tracked as GHSA-fw8c-xr5c-95f9 and MAL-2026-2306. Both malicious versions have been removed from the registry and the compromised account has been secured. Axios reports approximately 83 million weekly npm downloads and more than 2 million dependent packages, making this one of the largest-scale npm supply chain attacks on record.
Why This Matters for Canadian Organizations
Axios is one of the most widely installed JavaScript packages in existence. It is embedded in frontend and backend applications, CI/CD pipelines, serverless functions, build containers, and developer workstations across every sector — including Canadian government, financial services, healthcare technology, and software companies. Any development environment, build server, or containerized workflow that ran npm install during the window the malicious versions were live is a candidate for compromise.
The attack follows a well-established supply chain playbook: compromise a high-trust package maintainer account, publish a malicious version, and let automated update processes distribute the payload at scale. What distinguishes this incident is the sophistication of the evasion. The malware executes, contacts C2, retrieves a payload, then deletes itself and overwrites its own metadata. Standard postinstall log scanning will not reveal the execution. Teams relying solely on artifact scanning or lockfile monitoring after the fact face a significant detection gap.
Canadian development teams building or deploying software with JavaScript or Node.js dependencies need to assess whether any of their environments ran npm install between March 30 and the removal of the malicious versions. This includes automated CI/CD systems, Docker build pipelines, and developer workstations running npm install as part of local development. If the RAT payload executed on a system with access to source code repositories, cloud credentials, or application secrets, the attacker may have already exfiltrated those materials.
Organizations subject to the Personal Information Protection and Electronic Documents Act (PIPEDA) or provincial privacy law face a potential notification obligation if a compromised build environment had access to personal data. The RAT achieves persistent access, and the second-stage payloads are platform-specific. The scope of data reachable from any given compromised environment determines the severity of the privacy exposure.
What to Do
Identify all environments where npm install ran between approximately 10:00 UTC on March 30 and the removal of the malicious versions. Check package-lock.json files for axios@1.14.1 or axios@0.30.4 entries. Treat any confirmed installation of these versions as a system compromise: isolate affected systems, rotate all credentials and tokens accessible from those environments, and conduct network analysis to identify C2 communication.

Update axios to a verified clean version. Enable multi-factor authentication on all npm maintainer accounts in your organization.

Review your CI/CD pipeline configuration to audit or block postinstall script execution, as this entire attack class relies on npm’s postinstall hook. Consider adopting a private npm mirror or artifact proxy with pre-vetted packages for build environments that require a clean supply chain.
Source: The Hacker News | Socket | StepSecurity
