FIND-20260404-017 · 2026-04-04 · Innovation Veille

Axios npm Supply Chain Attack — North Korea RAT (CRITICAL 9.8)

cve HIGH
On March 31, 2026, axios@1.14.1 and axios@0.30.4 were published from a hijacked maintainer account. Both releases carry a malicious postinstall hook that pulls in the plain-crypto-js dependency and installs a cross-platform RAT. Because the hook runs at install time, any host that installed either version (developer machines, CI runners, container builds) should be treated as having executed the payload, and any credentials reachable from that host as exposed. The attack is attributed to the North Korean threat actor Sapphire Sleet / UNC1069. Axios has roughly 100M weekly downloads. Safe versions: 1.14.0 and earlier on the 1.x line, 0.30.3 and earlier on the 0.x line. Any ODS service using axios must pin to a safe version immediately.

Source

https://snyk.io/blog/axios-npm-package-compromised-supply-chain-attack-delivers-cross-platform/

ODS Impact

ODS frontend (React 18 + TypeScript) and any Node.js services may use axios for HTTP calls. Audit the package-lock.json in every repo to confirm that no copy of axios@1.14.1 or axios@0.30.4 is present, including nested copies pulled in transitively by other packages (a safe top-level axios does not rule out a compromised one under node_modules/<dep>/node_modules/). Where axios appears only as a transitive dependency, force a safe version with an npm override rather than waiting on the upstream package to update. Recommend replacing axios with native fetch in new code.

Security Review

License: MIT | Maintenance: ACTIVE | Risk: HIGH | Recommendation: USE_WITH_CAUTION

Tags

npm supply-chain axios cve rat node react critical