Axios Front-End Library npm Supply Chain Poisoning Alert

· Published 01/04/2026 15:16 · Modified 01/04/2026 15:26

Essential information

Published: 01/04/2026 15:16
Modified: 01/04/2026 15:26
Source / Author: AlienVault
Confidence: 100/100
Report type(s): threat-report
Labels / Tags: axios, npm, supply chain, supply chain attack
Tags: 2026-04-01, axios, npm, supply chain attack, supply-chain
Related entities: 3 indicators, 3 observables, 2 others

Description

On March 31, NSFOCUS CERT detected that the repository of the HTTP client library was poisoned by the . The attacker bypassed the normal GitHub Actions CI/CD pipeline of the project, changed the account email address of the maintainer to an anonymous ProtonMail address, and manually released a malicious version with a Trojan backdoor through the CLI. When the user installs it, a persistent remote control will be established on the host. The impact is wide-ranging, and relevant users are requested to take measures for investigation and protection as soon as possible.

External references