axios npm Package Compromised: Versions 1.14.1 and 0.30.4 Contain RAT Malware
By
Preecha
Summary
axios versions 1.14.1 and 0.30.4 were compromised on npm between March 30-31, 2026, with a malicious dependency that drops a remote access trojan (RAT) on infected machines. Both compromised versions have been unpublished. The safe version is 1.14.0. Users who installed the compromised versions should treat their machines as compromised and rotate all credentials immediately. axios is one of the most widely used HTTP clients in the JavaScript ecosystem with roughly 100 million weekly npm downloads.
Source
bskyaxios npm Package Compromised: Versions 1.14.1 and 0.30.4 Contain RAT Malwarecstu.ioKey quotes
· 4 pulledaxios versions 1.14.1 and 0.30.4 were compromised on npm with a malicious dependency that drops a remote access trojan (RAT) on infected machines.
Both versions have been unpublished. The safe version is 1.14.0.
If you installed [email protected] or 0.30.4, treat the machine as compromised and rotate all credentials immediately.
axios is one of the most widely used HTTP clients in the JavaScript ecosystem, with roughly 100 million weekly npm downloads.
You might also wanna read
Axios attack: How a compromised npm package delivered RAT malware
Compromised axios npm package delivers cross-platform RAT
Popular npm packages debug and chalk compromised with crypto-intercepting malware
Starting September 8th, 2023, the popular npm packages "debug" and "chalk" were compromised with malicious code. These packages, which colle
aikido.dev·10mo agoNPM Vulnerability Allows 126 Malicious Packages to Be Downloaded 86,000+ Times
Security researchers have discovered a major vulnerability in NPM (Node Package Manager) that allows attackers to distribute malicious packa
arstechnica.com·8mo ago317 npm Packages Compromised in Mini Shai-Hulud Supply Chain Attack
A major npm supply chain attack occurred on May 19, 2026, when the npm account of maintainer "atool" was compromised. The attacker published
Security Alert: Malicious Nx Packages Published to npm Containing Credential-Stealing Code
Malicious versions of the Nx package and several supporting plugins were published to npm, containing code that scans file systems, collects

Comments
Sign in to join the conversation.
No comments yet. Be the first.