
A cybersecurity expert has raised concerns about an active supply chain attack affecting Axios, one of the most widely used packages in the npm ecosystem.
Feross Aboukhadijeh, co-founder of the security-focused company Socket Security, reported that Axios is currently involved in an ongoing compromise within npm dependencies.
npm, short for Node Package Manager, is the world’s largest software registry. It hosts more than two million open source JavaScript packages and is widely considered a foundational layer of modern web and Web3 development.
According to Aboukhadijeh, the latest version of axios, 1.14.1, appears to be pulling in a previously unseen package called plain crypto js, version 4.2.1. The sudden appearance of this dependency suggests that the ecosystem may be experiencing an active compromise.
He described the situation as a classic example of supply chain installer malware. Axios records over 100 million weekly downloads, meaning any installation using the latest version could already be exposed. Analysis from Socket AI reportedly confirms the presence of malicious activity, describing plain crypto js as an obfuscated loader or dropper.
The malicious code is said to be capable of deleting or renaming files after execution to hide forensic traces. It may also stage and copy payloads into temporary system directories such as OS temp and Windows ProgramData, as well as execute decoded shell commands.
Security experts are advising developers using Axios to immediately lock their package versions, review their lockfiles carefully, and avoid updating dependencies until the issue is fully investigated and resolved.
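As an added example of the lockfile review the article recommends (not code from the article or from Socket), the script below parses an npm lockfile (lockfileVersion 2/3 `packages` map) and reports the flagged axios version and any occurrence of the unexpected dependency. The hyphenated package name `plain-crypto-js` and the embedded sample lockfile are constructed assumptions; the article spells the name "plain crypto js".

```javascript
// Added example: audit an npm lockfile for a flagged package version and for a
// dependency that should not be present. Not the article's or Socket's code.
const FLAGGED = { axios: new Set(["1.14.1"]) };      // version named in the article
const UNEXPECTED = new Set(["plain-crypto-js"]);     // hyphenation is an assumption

// Constructed sample lockfile (lockfileVersion 3) mimicking an affected install.
const SAMPLE_LOCK = JSON.stringify({
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { axios: "^1.14.0" } },
    "node_modules/axios": {
      version: "1.14.1",
      dependencies: { "plain-crypto-js": "4.2.1", "follow-redirects": "^1.15.6" },
    },
    "node_modules/plain-crypto-js": { version: "4.2.1" },
    "node_modules/follow-redirects": { version: "1.15.6" },
  },
});

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function packageName(lockPath) {
  const idx = lockPath.lastIndexOf("node_modules/");
  return idx === -1 ? lockPath : lockPath.slice(idx + "node_modules/".length);
}

// Returns a list of human-readable findings; an empty list means nothing matched.
function auditLockfile(lockText) {
  const lock = JSON.parse(lockText);
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "") continue;                       // root project entry
    const name = packageName(path);
    if (FLAGGED[name] && FLAGGED[name].has(entry.version)) {
      findings.push(`flagged version: ${name}@${entry.version} (${path})`);
    }
    if (UNEXPECTED.has(name)) {
      findings.push(`unexpected dependency: ${name}@${entry.version} (${path})`);
    }
    for (const dep of Object.keys(entry.dependencies || {})) {
      if (UNEXPECTED.has(dep)) findings.push(`${name} depends on ${dep} (${path})`);
    }
  }
  return findings;
}

if (typeof require !== "undefined" && require.main === module) {
  // Pass a real package-lock.json path to audit it; otherwise the sample is used.
  const text = process.argv[2] ? require("fs").readFileSync(process.argv[2], "utf8") : SAMPLE_LOCK;
  for (const f of auditLockfile(text)) console.log(f);
}
```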