{"id":78381,"date":"2026-03-31T04:48:13","date_gmt":"2026-03-31T04:48:13","guid":{"rendered":"https:\/\/dogewisperer.com\/?p=78381"},"modified":"2026-03-31T04:48:13","modified_gmt":"2026-03-31T04:48:13","slug":"expert-warns-of-critical-ongoing-supply-chain-attack-on-axios","status":"publish","type":"post","link":"https:\/\/dogewisperer.com\/?p=78381","title":{"rendered":"Expert Warns of Critical, Ongoing Supply Chain Attack on Axios"},"content":{"rendered":"<div>\n<p>According to Feross Aboukhadijeh, co-founder of security-oriented firm Socket Security, there is an active supply chain attack on Axios, which is one of npm\u2019s most depended-on packages.<\/p>\n<p>NPM stands for Node Package Manager and is basically the world\u2019s largest software registry, hosting more than two million packages of open-source JavaScript code. An argument can be made that it\u2019s the backbone of modern Web3 development.<\/p>\n<p>According to Feross, the latest axios@1.14.1 is currently pulling in plain-crypto-js@4.2.1, a package that did not exist before today, which suggests a live compromise.<\/p>\n<blockquote>\n<p>This is textbook supply chain installer malware. Axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now. Socket AI analysis confirms this is malware. 
Plain-crypto-js is an obfuscated dropper\/loader.<\/p>\n<\/blockquote>\n<p>The malicious software can perform a range of actions, including deleting and renaming artifacts post-execution to destroy forensic evidence, staging and copying payload files to the OS temp and Windows ProgramData directories, executing decoded shell commands, and more.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\">\ud83d\udea8 CRITICAL: Active supply chain attack on axios \u2014 one of npm\u2019s most depended-on packages.<\/p>\n<p>The latest axios@1.14.1 now pulls in plain-crypto-js@4.2.1, a package that did not exist before today. This is a live compromise.<\/p>\n<p>This is textbook supply chain installer malware. axios\u2026<\/p>\n<p>\u2014 Feross (@feross) <a href=\"https:\/\/twitter.com\/feross\/status\/2038807290422370479?ref_src=twsrc%5Etfw\">March 31, 2026<\/a><\/p>\n<\/blockquote>\n<p>The expert recommends that developers who use axios immediately pin their versions and audit their lockfiles, while refraining from any updates for the time being.<\/p>\n<p>The post <a href=\"https:\/\/cryptopotato.com\/expert-warns-of-critical-ongoing-supply-chain-attack-on-axios\/\">Expert Warns of Critical, Ongoing Supply Chain Attack on Axios<\/a> appeared first on <a href=\"https:\/\/cryptopotato.com\/\" rel=\"nofollow\">CryptoPotato<\/a>.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>According to Feross Aboukhadijeh, co-founder of security-oriented firm Socket Security, there is an active supply chain attack on Axios, which is one of npm\u2019s most depended-on packages. 
NPM stands for Node Package Manager and is basically the world\u2019s largest software registry, hosting more than two million packages of open-source JavaScript code. An argument can be made [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":0,"footnotes":""},"categories":[2],"tags":[3,4,5],"class_list":["post-78381","post","type-post","status-publish","format-standard","hentry","category-news","tag-crypto","tag-doge","tag-news"],"_links":{"self":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts\/78381","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=78381"}],"version-history":[{"count":0,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts\/78381\/revisions"}],"wp:attachment":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=78381"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=78381"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=78381"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}