Feross Aboukhadijeh, from the security company Socket Security, has discovered a potential security risk: a supply chain issue within Axios, a widely used package on npm.
As a crypto investor, I’ve been learning a lot about the tech behind these projects, and I keep running into something called NPM. It stands for Node Package Manager, and honestly, it’s like the biggest library of free, pre-built code for JavaScript – we’re talking over two million pieces! From what I gather, it’s absolutely essential for building most of the Web3 applications we see today – you could even say it’s the foundation for a lot of it.
Feross reports that the newest version of axios (1.14.1) is unexpectedly including a package called plain-crypto-js@4.2.1, which wasn’t around before today. This strongly indicates a potential security breach.
The added package is malware disguised as a common software component. Axios, a popular package with over 100 million weekly downloads, has been compromised, and anyone currently installing the latest version could be affected. Security analysis from Socket AI confirms it’s malware: ‘plain-crypto-js’ appears to be a dropper, a hidden program that downloads and installs further malicious software.
The malware can erase or rename files after it runs to hide its tracks. It also copies the files it needs into temporary system folders and can then run commands. In short, it tries to conceal its activity and establish itself on your computer.
CRITICAL: Active supply chain attack on axios — one of npm’s most depended-on packages.
A recent update to axios (version 1.14.1) has unexpectedly added a package called plain-crypto-js (version 4.2.1), which wasn’t included before. This is considered a serious security risk.
This is textbook supply chain installer malware. axios…
— Feross (@feross) March 31, 2026
Developers using axios should immediately pin their current version and check their project’s dependencies for security issues. It’s best to avoid updating axios until further notice.
2026-03-31 07:40