Home / Companies / Semgrep / Blog / Post Details
Content Deep Dive

Axios Supply Chain Incident: Indicators of Compromise

Blog post from Semgrep

Post Details
Company
Date Published
Author
Lewis Ardern, Pieter De Cremer, Jayson DeLancey
Word Count
893
Company Posts That Month
10
Language
English
Hacker News Points
-
Post removed?
No
Summary

On March 30th, the popular HTTP client library Axios was compromised for three hours, during which time certain versions were infected with a malicious dependency, [email protected], that deployed a Remote Access Trojan (RAT) via a postinstall hook. This RAT allowed attackers to execute arbitrary code, enumerate files, and inject processes across different platforms by downloading platform-specific payloads immediately after installation. The compromised Axios versions, which included [email protected] and [email protected], were removed from the NPM registry to prevent further spread. Users are advised to assume system credential compromise, quarantine affected machines, and rotate credentials. Detection involves checking for specific artifacts and network traffic patterns, such as HTTP POST requests to a command and control server. Cleanup requires clearing caches, deleting affected package versions from private registries, and ensuring no lingering malicious dependencies remain in CI/CD environments. Developers should be cautious of IDE extensions, like the NX Console for VSCode, which might inadvertently fetch these compromised dependencies despite version pinning in lockfiles.

Trends Found in this Post
Trend Post Mentions Total Month Mentions Posts Companies MoM
OpenClaw 2 650 79 49 -45%
Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.