Action Required for Marketplace App Developers - Axios npm Supply Chain Compromise

Summary

On Mar 31, 2026, the widely used npm package axios was compromised via a maintainer account hijack. Two malicious versions were briefly published to the npm registry:

  • axios@1.14.1

  • axios@0.30.4

These versions introduced a hidden dependency on plain-crypto-js@4.2.1, which executed a postinstall script to deploy a cross-platform Remote Access Trojan (RAT). The malicious versions were available for approximately three hours before npm unpublished them and reverted the latest tag to 1.14.0.

Given that axios receives ~83 million weekly downloads, this incident had widespread ecosystem impact, affecting over 170,000 dependent projects globally.

Why This Matters to You

If your Marketplace app or Forge app uses axios as a dependency (directly or transitively), and you ran npm install/update, yarn install/upgrade, or a CI/CD pipeline during the compromise window (approximately Mar 31, 2026 00:21–03:15 UTC), your development machine or build environment may have been compromised.

This is especially relevant if your package.json specifies axios with a caret (^) version range (e.g., "axios": "^1.13.5" or "axios": "^0.30.3"). Any install that re-resolved that range during the compromise window (a clean install with no lockfile, an install whose lockfile was out of sync with package.json, or an explicit npm update / yarn upgrade) would have picked up the malicious version automatically. Installs that honoured an existing lockfile already pinned to an earlier version (for example npm ci against an in-sync package-lock.json) would not have.

Note for Forge developers: Since the attack vector is a postinstall script, the initial point of impact is the developer’s local machine where npm install or yarn install was executed, not the Forge runtime environment directly. However, a compromised developer workstation could still lead to a compromised app being published.

How the Attack Works

  1. Malicious versions axios@1.14.1 and axios@0.30.4 were published to NPM, adding plain-crypto-js@4.2.1 as a dependency.

  2. The postinstall hook in plain-crypto-js executes a setup.js script that deploys platform-specific RATs:

    • macOS: /Library/Caches/com.apple.act.mond

    • Linux: /tmp/ld.py

    • Windows: %PROGRAMDATA%\wt.exe

  3. The dropper self-deletes and overwrites its own package.json, making the RAT invisible in node_modules after installation. Detection relies on lockfiles and pipeline/install logs, not source tree inspection.

  4. The malware contacts a C2 server at sfrclak[.]com:8000 to establish remote access. While the initial payload only captures system information, the attacker could later select targets for follow-up malware delivery.

How To Determine If You Are Affected

You may be affected if all of the following are true:

  1. Your app depends on axios directly or transitively.

  2. (For npm, yarn or pnpm installs) Your lockfile (package-lock.json, yarn.lock, or pnpm-lock.yaml) resolved to any of these versions during the compromise window:

    • axios@1.14.1 (shasum: 2553649f2322049666871cea80a5d0d6adc700ca)

    • axios@0.30.4 (shasum: d6f3f62fd3b9f5432f5782b62d8cfd5247d5ee71)

    • plain-crypto-js@4.2.1 (shasum: 07d889e2dadce6f3910dcbc253317d28ca61c766)

  3. You ran npm install/update, yarn install/upgrade, pnpm install, or a CI/CD build during the compromise window on Mar 31, 2026 (approximately 00:21–03:15 UTC), before the packages were unpublished.

Check your lockfiles

# Check for compromised axios versions (matches npm/yarn-classic tarball names, pnpm keys and yarn-berry resolutions)
grep -En "axios[-@]1\.14\.1|axios[-@]0\.30\.4|axios@npm:1\.14\.1|axios@npm:0\.30\.4" package-lock.json yarn.lock pnpm-lock.yaml 2>/dev/null
# Check for the malicious dependency (the dropper rewrites its own package.json, so also test for the directory itself)
grep -rln "plain-crypto-js" package-lock.json yarn.lock pnpm-lock.yaml node_modules 2>/dev/null
ls -d node_modules/plain-crypto-js 2>/dev/null
# Check which axios version is actually installed, including nested copies pulled in transitively
npm ls axios --all 2>/dev/null || find node_modules -path '*/axios/package.json' -exec grep -H '"version"' {} +

Check for RAT artifacts on your machine

# macOS
ls -la /Library/Caches/com.apple.act.mond
# Linux
ls -la /tmp/ld.py
# Windows (PowerShell)
Test-Path "$env:PROGRAMDATA\wt.exe"
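The two checks above (lockfiles and RAT drop paths) combined into one triage script, as an added example that is not part of the original advisory. Each scan_* function returns 0 when clean and 1 when an indicator is found, so the same functions can gate a CI job. The project fixtures at the bottom (a poisoned lockfileVersion 3 project and a clean one) are constructed for demonstration only; in real use point the functions at your own project directory.

```shell
#!/bin/sh
# Added triage script (not part of the original advisory). Checks the three
# indicator classes from the advisory: lockfile entries, installed node_modules,
# and the RAT drop paths. Each scan_* function returns 0 when clean, 1 when an
# indicator is found. The fixtures at the bottom are constructed for the demo.

# Matches npm/yarn-classic tarball names (axios-1.14.1.tgz), pnpm keys
# (axios@1.14.1), yarn-berry resolutions (axios@npm:1.14.1) and the dropper name.
IOC_REGEX='axios(@npm:|[-@])(1\.14\.1|0\.30\.4)|plain-crypto-js'

scan_lockfiles() {
  dir=$1; found=0
  for f in package-lock.json npm-shrinkwrap.json yarn.lock pnpm-lock.yaml; do
    [ -f "$dir/$f" ] || continue
    if grep -Eq "$IOC_REGEX" "$dir/$f"; then
      echo "INDICATOR in $dir/$f:"; grep -En "$IOC_REGEX" "$dir/$f"
      found=1
    fi
  done
  return $found
}

# The dropper rewrites its own package.json, so test for the directory rather
# than its contents; then read the version of every installed copy of axios.
scan_installed() {
  dir=$1; found=0
  if [ -d "$dir/node_modules/plain-crypto-js" ]; then
    echo "INDICATOR: $dir/node_modules/plain-crypto-js exists"; found=1
  fi
  for pkg in $(find "$dir/node_modules" -type f -path '*/axios/package.json' 2>/dev/null); do
    ver=$(sed -n 's/^[[:space:]]*"version":[[:space:]]*"\([^"]*\)".*/\1/p' "$pkg" | head -n 1)
    case "$ver" in
      1.14.1|0.30.4) echo "INDICATOR: $pkg is axios@$ver"; found=1 ;;
    esac
  done
  return $found
}

# Drop locations from the advisory; the Windows path is only checked when
# PROGRAMDATA is set (e.g. under Git Bash / MSYS).
scan_rat_artifacts() {
  found=0
  for p in /Library/Caches/com.apple.act.mond /tmp/ld.py "${PROGRAMDATA:-/nonexistent}/wt.exe"; do
    if [ -e "$p" ]; then echo "INDICATOR: $p present"; ls -la "$p"; found=1; fi
  done
  return $found
}

# Constructed fixture: a lockfileVersion 3 project that pulled the bad versions.
make_fixture() {
  d=$(mktemp -d)
  mkdir -p "$d/node_modules/axios" "$d/node_modules/plain-crypto-js"
  cat > "$d/package-lock.json" <<'EOF'
{
  "lockfileVersion": 3,
  "packages": {
    "node_modules/axios": {
      "version": "1.14.1",
      "resolved": "https://registry.npmjs.org/axios/-/axios-1.14.1.tgz"
    },
    "node_modules/plain-crypto-js": {
      "version": "4.2.1",
      "resolved": "https://registry.npmjs.org/plain-crypto-js/-/plain-crypto-js-4.2.1.tgz"
    }
  }
}
EOF
  printf '{ "name": "axios",\n  "version": "1.14.1"\n}\n' > "$d/node_modules/axios/package.json"
  echo "$d"
}

# Constructed clean fixture for comparison: axios@1.14.0 and no dropper.
make_clean_fixture() {
  d=$(mktemp -d)
  mkdir -p "$d/node_modules/axios"
  printf '{\n  "lockfileVersion": 3,\n  "packages": {\n    "node_modules/axios": {\n      "version": "1.14.0",\n      "resolved": "https://registry.npmjs.org/axios/-/axios-1.14.0.tgz"\n    }\n  }\n}\n' > "$d/package-lock.json"
  printf '{ "name": "axios",\n  "version": "1.14.0"\n}\n' > "$d/node_modules/axios/package.json"
  echo "$d"
}

# Demo on the constructed fixture; for real use run the scan_* functions on your project directory.
demo=$(make_fixture)
scan_lockfiles "$demo" || echo "lockfile verdict: AFFECTED"
scan_installed "$demo" || echo "installed verdict: AFFECTED"
scan_rat_artifacts && echo "RAT artifact paths: not present on this host"
rm -rf "$demo"
```

Run it from the project root as `. ./triage.sh` and then `scan_lockfiles . ; scan_installed . ; scan_rat_artifacts`. A non-zero exit from any of the three means the environment should be treated as described under Incident Response below, not just cleaned.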

Required Actions

1) Pin to a Known-Good Version

  • 1.x users: Pin to axios@1.14.0 or the latest known-good version.

  • 0.x users: Pin to axios@0.30.3 or the latest known-good version.

2) Remove the Malicious Dependency (if present)

rm -rf node_modules/plain-crypto-js

3) Perform a Clean Reinstall

npm ci --ignore-scripts
# or
yarn install --ignore-scripts
# or
pnpm install --frozen-lockfile --ignore-scripts

4) Add Overrides/Resolutions to Prevent Re-resolution

In your package.json (npm reads "overrides", Yarn reads "resolutions"; pnpm users put the same pin under "pnpm"."overrides" instead):

{
  "overrides": {
    "axios": "1.14.0"
  },
  "resolutions": {
    "axios": "1.14.0"
  }
}

5) Purge CI/CD Caches

If you use cached node_modules in your CI/CD pipelines, clear the cache to ensure the poisoned version is not consumed from cache.
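Steps 1 to 4 chained together for an npm project, as an added example that is not part of the original advisory. It assumes npm 8.3 or newer (for "overrides" and "npm pkg set") and a package-lock.json at lockfileVersion 2 or 3; Yarn and pnpm projects pin via "resolutions" / "pnpm.overrides" and are not handled here. Two details a practitioner hits in practice are built in: npm rejects an override that disagrees with a direct dependency's spec, so the direct entry is rewritten to the same exact version, and npm ci refuses a lockfile that is out of sync with package.json, so the lockfile is re-resolved first. The verification step parses the lockfile offline; the "some-sdk" lockfile used in the demo is constructed, not real.

```shell
#!/bin/sh
# Added remediation helper (not part of the original advisory) for an npm project
# with a lockfileVersion 2 or 3 package-lock.json. Assumes npm >= 8.3 ("overrides",
# "npm pkg set"). Yarn/pnpm pinning ("resolutions" / "pnpm.overrides") is not covered.

# Steps 1 and 4: pin axios wherever it is declared and as an override, using one exact
# version string for both, because npm refuses an override whose spec differs from a
# direct dependency's spec. Step 2 removes the dropper, step 3 reinstalls cleanly.
remediate_axios() {
  dir=$1; ver=$2
  (
    cd "$dir" || exit 1
    for field in dependencies devDependencies; do
      # "npm pkg get" prints {} when the key is absent and a quoted spec when present
      if npm pkg get "$field.axios" | grep -q '"'; then
        npm pkg set "$field.axios=$ver"
      fi
    done
    npm pkg set "overrides.axios=$ver"
    rm -rf node_modules/plain-crypto-js                 # step 2
    npm install --package-lock-only --ignore-scripts    # re-resolve the lockfile; npm ci needs it in sync
    npm ci --ignore-scripts                             # step 3: clean install, no lifecycle scripts
  ) && verify_lockfile_pin "$dir/package-lock.json" "$ver"
}

# Post-check (offline): the dropper is gone and every axios entry, direct or nested
# under another package, is at the pinned version, i.e. the override reached transitive users.
verify_lockfile_pin() {
  lock=$1; ver=$2
  if grep -q 'plain-crypto-js' "$lock"; then
    echo "plain-crypto-js still referenced in $lock"; return 1
  fi
  awk -v want="$ver" '
    /"node_modules\/([^"]*\/)?axios"[[:space:]]*:/ { inaxios = 1; next }
    inaxios && /"version"[[:space:]]*:/ {
      v = $0
      sub(/.*"version"[[:space:]]*:[[:space:]]*"/, "", v); sub(/".*/, "", v)
      n++
      if (v != want) { bad++; print "axios@" v " still in " FILENAME }
      inaxios = 0
    }
    END {
      if (n == 0) { print "no axios entry found in " FILENAME; exit 1 }
      exit (bad > 0)
    }' "$lock"
}

# Constructed lockfile (not a real project) with a direct and a nested axios entry,
# both at the version given as $1.
make_pinned_lockfile() {
  f=$(mktemp)
  printf '%s\n' '{' '  "lockfileVersion": 3,' '  "packages": {' \
    '    "node_modules/axios": {' "      \"version\": \"$1\"" '    },' \
    '    "node_modules/some-sdk/node_modules/axios": {' "      \"version\": \"$1\"" '    }' \
    '  }' '}' > "$f"
  echo "$f"
}

# Demo on the constructed lockfile. Real use: remediate_axios /path/to/app 1.14.0 (0.30.3 for the 0.x line).
fixture=$(make_pinned_lockfile 1.14.0)
verify_lockfile_pin "$fixture" 1.14.0 && echo "lockfile pinned to axios@1.14.0, dropper absent"
rm -f "$fixture"
```

Run verify_lockfile_pin again in CI after the cache purge in step 5; a nested axios entry that still shows the old version means a cached node_modules or an un-overridden sub-dependency was restored.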

6) Rotate Credentials If Compromised

If you confirmed the malicious version was installed on your machine or CI pipeline, treat all credentials accessible from that environment as compromised:

  • npm tokens

  • API keys and cloud credentials

  • SSH keys

  • .env file values

  • CI/CD pipeline secrets

7) Scan Your Machine for RAT Artifacts

If the malicious postinstall ran on your machine, remove the RAT payloads listed above and consider a full security scan of the affected system.

8) Report a Suspected Compromise

If you suspect that your development machine, build pipeline, or any part of your development environment has been compromised, or if you believe a published version of your Marketplace or Forge app may have been tampered with, please notify Atlassian immediately via our Ecosystem Support Portal.

Incident Response

If plain-crypto-js is detected, assume the host environment is compromised. Revert the environment to a known-good state and rotate all credentials or secrets present on that machine.

Hi @SrivathsavGandrathi ,

Thank you for the heads up.

I think all Marketplace vendors would like Atlassian to also ship software without critical vulnerabilities. However, we have to deal with insecure software from Atlassian. For details see: https://community.developer.atlassian.com/t/raising-the-bar-on-marketplace-cloud-app-security-together/98750/4

In addition to insecure dependencies, the Forge CLI, for example, also ships with obsolete dependencies like undici, as fetch is part of all supported runtimes on Forge.