North Korean hackers compromised Axios, JavaScript’s most downloaded HTTP client with over 70 million weekly downloads, deploying cross-platform malware across the npm ecosystem in a three-hour attack window on March 31. Google formally attributed the supply chain attack to UNC1069, a financially motivated North Korea-nexus threat actor that has been targeting cryptocurrency firms since 2018.
The attack represents one of the largest npm supply chain compromises on record. Any developer who ran npm install or npm update between 00:21 and 03:15 UTC on March 31 potentially downloaded malicious code that deployed a remote access trojan capable of stealing credentials, executing arbitrary commands, and exfiltrating system data.
How the Attack Unfolded
Attackers first compromised Axios maintainer credentials through a targeted social engineering campaign. Jason Saayman, the maintainer, confirmed the attackers impersonated the founder of a legitimate company in an operation “tailored specifically to me.” This mirrors UNC1069’s recent evolution from targeting cryptocurrency founders to weaponizing relationships with open-source maintainers.
Once inside, the threat actors published two trojanized versions: axios@1.14.1 (tagged “latest”) at 00:21 UTC and axios@0.30.4 (tagged “legacy”) at 01:00 UTC. Both versions injected a malicious dependency called plain-crypto-js@4.2.1 that was never imported by the Axios codebase. Its sole purpose was to trigger a postinstall hook that automatically executes during package installation.
The postinstall script downloaded WAVESHAPER.V2, a cross-platform backdoor with full remote access capabilities for Windows, macOS, and Linux systems. After execution, the malware deleted its installation scripts and replaced the package.json file with a clean version to avoid detection. The operation was carefully prepared: attackers staged three OS-specific payloads 18 hours before the attack and poisoned both release branches within 39 minutes.
The Real Problem: Postinstall Scripts Run by Default
This attack exposes a fundamental design flaw in npm’s security model. Postinstall hooks execute automatically on every developer machine and CI/CD system that pulls a package. This feature—intended for legitimate build steps—has become the number one attack vector in supply chain compromises.
Ahmad Nassri of Socket captured the problem perfectly: “A package as widely used as Axios being compromised shows how difficult it is to reason about exposure in a modern JavaScript environment.” When a single compromised credential can silently execute arbitrary code on millions of machines within hours, the ecosystem has a structural npm security vulnerability that goes beyond individual incidents.
Tomislav Peričin, Chief Software Architect at ReversingLabs, warned that “the Axios attack should be understood as a template, not a one-time event.” The operational sophistication documented by security firms suggests this will be repeated.
Part of a Larger Pattern
The timing is no coincidence. On the same day Axios was compromised, Anthropic accidentally leaked Claude Code’s source code through an npm packaging error, exposing 512,000 lines of TypeScript. Within hours, threat actors distributed trojanized versions of Claude Code containing backdoors and data stealers.
Developer toolchains have become the primary attack surface for nation-state actors. The trust model that makes open source powerful—dependencies are pulled automatically, maintainers operate with minimal oversight, and install scripts run without user confirmation—is now a systematic weakness being actively exploited.
What Developers Need to Do Right Now
If you ran npm install or npm update during the three-hour exposure window on March 31, assume compromise and rotate every credential and API key that was accessible on that system. Immediately downgrade to safe versions: Axios 1.14.0 or 0.30.3.
For the long term, disable lifecycle scripts (including postinstall) by default. Use npm ci --ignore-scripts in CI/CD pipelines and set npm config set ignore-scripts true globally. This breaks the most common attack vector. You can selectively enable scripts for specific trusted packages when needed.
Delay dependency updates by 24 hours. Malicious packages are typically detected and removed within hours, so waiting before pulling the latest version significantly reduces risk. Commit your package-lock.json and enforce it with npm ci rather than npm install to prevent unexpected version changes.
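The mechanism described above (a never-imported dependency whose install hook runs during npm install) and the downgrade and lockfile advice translate directly into a lockfile check. The following is an added example, not code from the article or from the Axios project; the package names and versions are the ones the article reports, the lockfile is constructed sample data, and the scan goes beyond the two known-bad packages by also listing every package whose lockfile entry carries npm's hasInstallScript flag.

```javascript
// Added example, not code from the article or the Axios project: scan an npm
// lockfile (v2/v3 "packages" map) for the trojanized Axios releases and the
// injected plain-crypto-js dependency named in the article, and list every
// package whose entry carries npm's hasInstallScript flag (set for packages
// declaring preinstall/install/postinstall scripts). Versions are the article's;
// the lockfile below is constructed sample data.
const KNOWN_BAD = {
  axios: new Set(["1.14.1", "0.30.4"]),
  "plain-crypto-js": new Set(["4.2.1"]),
};
const SAFE_AXIOS = new Set(["1.14.0", "0.30.3"]);

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function packageName(key) {
  const i = key.lastIndexOf("node_modules/");
  return i === -1 ? key : key.slice(i + "node_modules/".length);
}

function scanLockfile(lock) {
  const result = { compromised: [], installScripts: [], axiosSafe: null };
  for (const [key, entry] of Object.entries(lock.packages || {})) {
    if (key === "") continue; // root project entry, not a dependency
    const name = packageName(key);
    const id = `${name}@${entry.version}`;
    if (KNOWN_BAD[name] && KNOWN_BAD[name].has(entry.version)) {
      result.compromised.push(id);
    }
    // axiosSafe stays false once any resolved copy of axios is off the safe list
    if (name === "axios") {
      result.axiosSafe = result.axiosSafe !== false && SAFE_AXIOS.has(entry.version);
    }
    // Every package with an install script deserves review, not only known-bad ones
    if (entry.hasInstallScript) result.installScripts.push(id);
  }
  return result;
}

// Constructed sample: a project that resolved axios during the exposure window.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { axios: "^1.14.0" } },
    "node_modules/axios": { version: "1.14.1", dependencies: { "plain-crypto-js": "4.2.1" } },
    "node_modules/plain-crypto-js": { version: "4.2.1", hasInstallScript: true },
    "node_modules/native-addon-example": { version: "2.0.0", hasInstallScript: true },
  },
};

const report = scanLockfile(SAMPLE_LOCK);
console.log(JSON.stringify(report, null, 2));
```

To run it against a real project, replace SAMPLE_LOCK with the parsed contents of package-lock.json; any hit in compromised means the machine should be treated as compromised per the steps above.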
The Ecosystem Response
GitHub announced it’s deprecating legacy authentication tokens and migrating to FIDO-based two-factor authentication for all package publishers. High-download packages will soon require 2FA, and the platform is implementing “trusted publishing” via OIDC that eliminates stored credentials entirely.
These changes are necessary but arrive after repeated high-profile compromises. The Shai-Hulud worm in September 2025 spread as self-replicating malware across npm. Now Axios and Claude Code have been hit in the same 24-hour window. The response is reactive when the threat demands proactive architectural changes.
The npm security model needs a fundamental rethink. Postinstall scripts executing by default made sense when the ecosystem was smaller and more trusted. At 70 million weekly downloads for a single package, that trust model doesn’t scale. Until the defaults change, developers are left manually hardening their environments against features that should be opt-in, not opt-out.
To stay protected, consult Microsoft’s comprehensive mitigation guide for detailed remediation steps.