4 min | high

The Hidden Blast Radius of the Axios Compromise

A supply chain attack compromised Axios version 1.14.1 on npm by injecting a malicious dependency, plain-crypto-js. The attack's impact was significantly amplified by default semver range resolutions and dynamic execution tools like npx, which bypassed standard lockfile protections during the exposure window.

Confidence: high | Analyzed: 2026-04-02 | reports
Actors: Axios npm supply chain attack

Source: Socket

Key Takeaways

  • Axios version 1.14.1 was compromised with a malicious dependency (plain-crypto-js@4.2.1) containing a multi-stage malware payload.
  • The blast radius extends far beyond direct Axios users due to semver ranges (e.g., ^1.13.5) automatically resolving to the compromised version during fresh installs.
  • Dynamic execution tools like npx bypass lockfile protections, pulling the malicious version at runtime if executed during the exposure window.
  • Post-incident investigation is difficult because the registry has been cleaned, making the malicious dependency tree non-reproducible without historical logs.

Affected Systems

  • Node.js
  • npm
  • CI/CD pipelines
  • Developer CLIs
  • MCP servers

Attack Chain

An attacker published a compromised version of the widely used Axios package (1.14.1) to the npm registry, embedding a malicious dependency named plain-crypto-js@4.2.1. During the exposure window, CI pipelines, developer CLIs, and dynamic execution tools (like npx) that relied on semver ranges (e.g., ^1.13.5) automatically resolved and downloaded the malicious version. Upon installation or execution, the multi-stage malware payload was triggered, resulting in observable command-and-control traffic from the build environments.

Detection Availability

  • YARA Rules: No
  • Sigma Rules: No
  • Snort/Suricata Rules: No
  • KQL Queries: No
  • Splunk SPL Queries: No
  • EQL Queries: No
  • Other Detection Logic: No

No specific detection rules are provided in the article. Detection relies on historical log analysis of CI/CD pipelines and network telemetry.

Detection Engineering Assessment

  • EDR Visibility: Medium. EDR can capture npx executions and subsequent anomalous child processes or network connections, but lacks visibility into the specific npm package resolution context.
  • Network Visibility: Medium. Outbound C2 traffic from build steps is observable, but the initial payload download occurs over encrypted HTTPS to legitimate npm registries.
  • Detection Difficulty: Hard. The malicious package has been removed from the registry, making dynamic resolution non-reproducible. Detection relies entirely on historical CI logs and network telemetry from the specific exposure window.

Required Log Sources

  • CI/CD build logs
  • Network flow logs
  • EDR process execution logs

Hunting Hypotheses

| Hypothesis | Telemetry | ATT&CK Stage | FP Risk |
| --- | --- | --- | --- |
| CI pipelines executing npx commands initiated unexpected outbound network connections indicative of C2 traffic during the exposure window. | Network flow logs, EDR process network events | Command and Control | Medium |
| Historical CI build logs contain references to the resolution or installation of plain-crypto-js or axios@1.14.1. | CI/CD build logs | Execution | Low |

Control Gaps

  • Lack of historical dependency resolution logging
  • Dynamic dependency resolution bypassing lockfiles via npx

Key Behavioral Indicators

  • Unexpected outbound network traffic from CI build nodes
  • npx executions spawning anomalous child processes

False Positive Assessment

  • Low

Recommendations

Immediate Mitigation

  • Review historical CI build logs for references to axios@1.14.1 or plain-crypto-js@4.2.1.
  • Analyze network telemetry from CI environments during the exposure window for anomalous outbound connections.
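
An added example (not from the source article) for the review steps above: it checks a manifest's declared ranges, a package-lock.json `packages` map and CI log lines for the two package versions named on this page. The range matcher is a simplified stand-in for npm's semver logic, `some-cli` is a hypothetical package name, and all sample inputs are constructed.

```javascript
// Added example, not from the source article; all sample inputs are constructed.
const BAD = new Map([['axios', '1.14.1'], ['plain-crypto-js', '4.2.1']]);
const parse = (v) => v.split('.').map(Number);

// Simplified stand-in for npm's semver logic: exact, ^ and ~ on x.y.z only.
// Returns null for other range syntax so the entry goes to manual review.
function rangeAdmits(range, version) {
  const m = /^([\^~]?)(\d+\.\d+\.\d+)$/.exec(range.trim());
  if (!m) return null;
  const op = m[1], b = parse(m[2]), v = parse(version);
  const cmp = v[0] - b[0] || v[1] - b[1] || v[2] - b[2];
  if (op === '') return cmp === 0;
  if (cmp < 0) return false;
  if (op === '~') return v[0] === b[0] && v[1] === b[1];
  if (b[0] > 0) return v[0] === b[0];                // ^1.2.3 allows <2.0.0
  if (b[1] > 0) return v[0] === 0 && v[1] === b[1];  // ^0.2.3 allows <0.3.0
  return cmp === 0;                                  // ^0.0.3 is exact
}

// Declared ranges a lockfile-less resolve could satisfy with a bad version.
function exposedRanges(manifest) {
  const deps = { ...manifest.dependencies, ...manifest.devDependencies };
  return Object.entries(deps)
    .filter(([n, r]) => BAD.has(n) && rangeAdmits(r, BAD.get(n)) !== false)
    .map(([n, r]) => `${n}@${r}`);
}

// package-lock.json v2/v3: "packages" keys are install paths; the package
// name is whatever follows the last "node_modules/".
function lockfileHits(lock) {
  return Object.entries(lock.packages || {})
    .filter(([p, m]) => m.version && BAD.get(p.split('node_modules/').pop()) === m.version)
    .map(([p, m]) => `${p}@${m.version}`);
}

// CI log lines with name@version or the tarball form name-version.tgz,
// rejecting longer names (my-axios) and longer versions (1.14.10).
function logHits(lines) {
  const res = [...BAD].map(([n, v]) =>
    new RegExp(`(?<![\\w-])${n}[@-]${v.replace(/\./g, '\\.')}(?!\\.?\\d)`));
  return lines.filter((l) => res.some((re) => re.test(l)));
}

const sampleManifest = { dependencies: { axios: '^1.13.5', lodash: '~4.17.21' } };
const sampleLock = { packages: { '': { version: '1.0.0' },
  'node_modules/some-cli/node_modules/axios': { version: '1.14.1' },
  'node_modules/lodash': { version: '4.17.21' } } };
const sampleLog = ['GET 200 https://registry.npmjs.org/axios/-/axios-1.14.1.tgz',
  'added my-axios@1.14.1', 'added axios@1.14.10', 'plain-crypto-js@4.2.1 extracted'];
console.log(exposedRanges(sampleManifest), lockfileHits(sampleLock), logHits(sampleLog));
```

A `null` from `rangeAdmits` (for example on `>=1.0.0` or `1.x`) is treated as exposed so that unsupported range syntax is reviewed by hand rather than silently cleared.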

Infrastructure Hardening

  • Enforce the use of 'npm ci' instead of 'npm install' in all CI pipelines to ensure deterministic builds.
  • Modify npx invocations in CI pipelines to use '--no --offline' flags to prevent dynamic package resolution.

User Protection

  • Configure local MCP packages to use dedicated directories with strictly pinned package.json files.
  • Set 'npm_config_yes=false' in .npmrc or as an environment variable to prevent automatic npx installations.

Security Awareness

  • Educate development teams on the risks of semver ranges and dynamic dependency resolution tools like npx.

MITRE ATT&CK Mapping

  • T1195.002 - Supply Chain Compromise: Compromise of Software Dependencies and Development Tools
  • T1072 - Software Deployment Tools

Additional IOCs

  • Command Lines:
    • Purpose: Safe npx execution in CI to prevent dynamic resolution of uninstalled packages | Tools: npx | Stage: Defense Evasion Mitigation | Command: npx --no --offline
    • Purpose: Deterministic npm install for CI environments to respect lockfiles | Tools: npm | Stage: Defense Evasion Mitigation | Command: npm ci