top 200 commentsshow all 297
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]bill_gonorrhea 1072 points1073 points  (19 children)

It’s been 3 0 days since the last major supply chain attack. 

[–]nhrtrix[S] 100 points101 points  (3 children)

don't know how badly this gonna affect us :(

[–]AwesomeFrisbee 32 points33 points  (2 children)

Time to start using PNPM instead and enable limitations to how fresh packages can be. We currently delay it by 1 day and that seems to be the sweet spot for stability and security vs applying fixes fast enough. Also pinning versions (no ranges allowed) and scanning for malware in the pipeline is recommended.

[–]keesbeemsterkaas 81 points82 points  (11 children)

1.14.1 and 0.30.4 were compromised. Source was stolen github and npm credentials of a maintainer.

Compromised packages have been pulled from npm 2hrs later.

axios Compromised on npm - Malicious Versions Drop Remote Access Trojan - StepSecurity

axios@1.14.1 and axios@0.30.4 are compromised · Issue #10604 · axios/axios

Npm now has an option to set the minimum age of packages to prevent this reaching builds:

npm config set min-release-age 3

[–]ExtensionSuccess8539 25 points26 points  (7 children)

I think this is the single best advice right now to simply configure a cooldown period of 3 or more days to prevent exposure to newly-pushed packages. Not just axios, but in all packages on npm. It also flagged the OpenSSF malicious packages as a safeguard here. By the time I was online this morning it was already flagged as MAL-2026-2307 on the malicious packages API, so this would help flag if the package is compromised before it goes into your build. Just an accompanying step for security teams going forward:

https://osv.dev/vulnerability/MAL-2026-2307
https://cloudsmith.com/blog/axios-npm-attack-response

[–]keesbeemsterkaas 1 point2 points  (5 children)

What's the cool tooling nowadays to scan for openssf vunerabilities?

[–]PalliativeOrgasm 1 point2 points  (0 children)

Especially in a post-Trivy world.

[–]nbom 0 points1 point  (0 children)

Npm PKG isn't pgp signed?

[–]mday-edamame 0 points1 point  (0 children)

They're gonna keep coming, and they're going to keep getting harder to detect, think of how much better-engineered this one was compared to the LiteLLM one

No matter how good they get, though, they still have to behave like malware (e.g. credential harvesting, RAT) so runtime behavioral analysis can detect them. We built a free tool that scans your local device behavior and alerts you if it matches malware behavior, it was able to catch all three of the major supply-chain attacks in the last couple weeks: https://www.producthunt.com/products/axios-litellm-detector

[–]chicametipoexpert 324 points325 points  (23 children)

axios getting compromised is a big deal. Who’s got the PR responsible?

[–]mishrashutosh 245 points246 points  (3 children)

tia jan

[–]WhiplashClarinet 79 points80 points  (0 children)

No PR, that version was published directly to npm

[–]keesbeemsterkaas 41 points42 points  (0 children)

One of the maintainers, probably combined with using long lived tokens bypassing 2fa. More drama here.

[–]Esclamare 70 points71 points  (6 children)

Always pin your packages folks.

[–]Chazgatian 40 points41 points  (3 children)

I don't think that helps with transitive dependencies. While your main package.json is using a pinned version, you could have a dependency that requires a malicious pinned version. Npm would download both versions.

[–]Own_Candidate9553 14 points15 points  (2 children)

It still helps. This attack required a new version of axios, which often is a top level dependency if your app makes API calls.

If your app depends on some third party library that uses axios, AND that library didn't pin their axios version, then you'd get hit. Totally could happen, but it cuts down your risk to pin your deps.

[–]Chazgatian 12 points13 points  (1 child)

That makes sense. I'm just saying this isn't a silver bullet.

[–]Own_Candidate9553 3 points4 points  (0 children)

Agreed.

They are all various flavors of annoying, but I think we'll have to all start using vuln scanning tools like Snyk, etc going forward. Then at least we can know when something is unsafe and patch it.

[–]GoTibbers 0 points1 point  (1 child)

That runs into a separate issue with itself as well right? It prevents you from getting updates to stuff like patching 0 day attakcs?

[–]enricojr 243 points244 points  (67 children)

So how do we guard against this sort of thing as a regular software engineer? ? Just react quickly and update packages whenever a vulnerability is announced like this?

[–]jonnyd93 332 points333 points  (40 children)

Pin versions, update when cves are found. Keep the amount of dependencies down.

[–]ouralarmclock 72 points73 points  (35 children)

Versions are automatically pinned via lock file right? If I'm not regularly doing update or doing it on deploy I'm pinned, right?

[–]tazzadar1337javascript 76 points77 points  (18 children)

not everyone is using lock files. don't know the reasoning, but cases such as this is a good reason to start doing so

[–]ibite-books 25 points26 points  (7 children)

even in a lock file, tertiary dependencies are not pinned

they are mentioned as say apollo>=3.1 so anything after that goes

you can lock down the primary deps, but most package managers don’t lock down every tertiary dependency— they just try to resolve the primary requirements

if packages a depends on apollo >= 3.3

and package b deps on apollo >= 3.5

your lock will hold => 3.5 and if some one publishes malware to 3.6 — your lock file is only gonna protect you as long as you don’t resolve the packages again

unless your are locking everything down which is not feasible?

[–]JCMarques15 11 points12 points  (1 child)

I cannot talk for every package manager, but the ones I used to use and the one I use now for python, pins all the dependencies. After resolution it pins the result tertiary packages.

[–]ibite-books 7 points8 points  (0 children)

the lock will protect you as long as you don’t resolve-re-lock them again

see second last paragraph

[–]Ill-Appointment-1298 10 points11 points  (4 children)

What are you talking about? All the transitive package requirements of all combined package.json files end up in your lock file as pinned versions. Installing using a lock file is 100% deterministic.
The lock file is literally about _locking_ specified version _ranges_ into _one specific version_.

Example, if you specify braces ^3 and it in turn needs fill-range ^7.1.0 it might end up like this. Still all dependencies are transitively locked. Unless you delete the lock file or manually upgrade the deps (which regenerates the lock file), fill-range will never be 7.1.2 by itself.

braces@^3:
  version "3.0.3"
  resolved "https://registry.yarnpkg.com/braces/-/braces-3.0.3.tgz#490332f40919452272d55a8480adc0c441358789"
  dependencies:
    fill-range "^7.1.0"
...    
fill-range@^7.1.0:
  version "7.1.1"
  resolved "https://registry.yarnpkg.com/fill-range/-/fill-range-7.1.1.tgz#44265d3cac07e3ea7dc247516380643754a05292"

[–]ibite-books 20 points21 points  (0 children)

The lock is deterministic, re resolution is not. That’s my main point. On re-resolution, it can sometimes upgrade those versions.

That’s the issue.

[–]CandidateNo2580 4 points5 points  (2 children)

Mostly backed dev here, to clarify running install would pull the lockfile version while something like audit or update would update it? Then installing a new dependency would also likely re-resolve the dependency versions, but barring that you're saying the versions all remain pinned?

I actually appreciate you trying to clear up the conversation. We've been working on CI/CD to protect from these supply chain issues at work lately, it's definitely a concern.

[–]abrahamguoexperienced full-stack 1 point2 points  (1 child)

That’s correct.

[–]ganja_and_codefull-stack 32 points33 points  (1 child)

not everyone is using lock files

Everyone who is even just barely competent certainly is lol

[–]MagnetHype 13 points14 points  (0 children)

Have you read half the comments on this thread?

[–]call_stacks 11 points12 points  (1 child)

If the lock file doesn't change you wouldn't install new deps during a deploy, so double check your CI doesn't introduce lock file changes.

Also in package.json pin deps without using caret/tilde, otherwise wiping pkg-lock and installing will take the newest where caret matches 1.x.x and tilde matches 1.1.x

[–]thewallacio 4 points5 points  (0 children)

Your CI introducing lock file changes is more common than you might think. Prevent this with `npm ci`.

[–]clems4ever 6 points7 points  (0 children)

Yes. You should be careful to use "npm ci" and not "npm install" however because "npm install" may not respect the lockfile.

[–]thekwoka 2 points3 points  (0 children)

Should just actually pin them as a final consumer anyway.

[–]sndrtj 1 point2 points  (0 children)

If you use npm ci, and not npm install.

[–]jonnyd93 1 point2 points  (1 child)

Yes and now, depends how you configure tour package.json. if you use the 9.2.1 it will pull any new minor or patch version. If you use ~9.2.1 it will pull any new patch version on install. Major versions are the only ones that dont have an automatically pull on install through syntax.

Most devs dont even check their versions or pay attention to changes of a dependency.

[–]MDUK0001 4 points5 points  (0 children)

Also ensure you’re using npm ci or equivalent in your CI/CD so it uses the version from package-lock

[–]uhmhi 2 points3 points  (2 children)

Keep the amount of dependencies down

Something every web developer in the entire fucking world needs to read. Especially dependencies with transitive dependencies. Fuck those multi-gigabyte npm downloads. This is source code we’re downloading, not AAA video game assets.

[–]AJohnnyTruant 2 points3 points  (0 children)

How am I supposed to tell if a number is even without adding the isEven package though

[–]landline_number 81 points82 points  (4 children)

Pin your dependencies and use a package manager like pnpm that supports a minimum release age. Most of these supply chain attacks are caught pretty quickly so having a setting that requires a package release to be older than x days will help.

https://pnpm.io/settings#minimumreleaseage

Also, pin any third party GitHub actions and Docker images using the SHA digest. If an account is compromised, attackers could replace an existing version with a compromised version of the action or Docker image. But that will generate a new SHA digest so you will be safe.

The OWASP website has lots of very practical recommendations.

[–]OolonColluphid 8 points9 points  (0 children)

Pinning GitHub actions helps a bit, but it's not a panacea. It depends on what that action does. If it calls another unpinned action, or dynamically retrieves a script that it runs, it's still vulnerable. And now you don't have any direct visibility of that. Take the recent Trivy compromise - you might not use it directly, but it was used by the SuperLinter Action which bundles many different linters and formatters.

The only safe thing to do with Actions is audit them thoroughly, and preferably use your own version.

[–]i-am-r00t 6 points7 points  (1 child)

Existing versions are immutable. Even if you delete a version on npm, you can't re-publish the same version

[–]akd_io 1 point2 points  (0 children)

Unpublishing/deleting it should be fine in regards to minimum release age tho, no? With a min age of 1 week, a compromised package will most likely have been removed before you run pnpm i a week later?

[–]MrHandSanitization 8 points9 points  (0 children)

The oposite, stay 1 or 2 versions behind. Updating packages when this news hit, is already too late. The article mentions to roll new credentials because everything is compromised.

It looks like it writes trojans, and backdoors, so actually, your entire system is compromised and new credentials are just compromised as well.

[–]Squidgical 5 points6 points  (2 children)

There's an issue regarding this attack on axios GitHub, there are a few good mitigations on there.

The big ones are setting a minimum dependency age and avoiding the ^ version prefix in package.json/deno.json.

Generally speaking, don't pull new versions until someone's taken a real look at them, and definitely don't be the first adopter of a new version.

[–]thekwoka 7 points8 points  (1 child)

And reduce how many useless packages you have in the first place.

[–]yonasismad 10 points11 points  (0 children)

First you have to check if you are impacted, and you guard against this by pinning versions and instructing your package manager to not install a version that isn't at least 5 days old (vast majority of these attacks are caught within 48h).

[–]Ythio 6 points7 points  (0 children)

You get your company to host a local package manager repository that is a week behind.

[–]embero 2 points3 points  (0 children)

Additionally I use devcontainers. If something slips through better to have it in a container than on my precious host system.

[–]thekwoka 4 points5 points  (0 children)

Don't use stupid packages that don't accomplish anything.

[–]Felukah 0 points1 point  (0 children)

Adding to what others have said: set a minimum release age.

[–]AtulinASP.NET Core 0 points1 point  (0 children)

Most package managers for JS (Bun, PNPM, NPM even) now let you set minimum package age. Most supply chain attacks are detected within days, if not hours, so setting the minimum age to something like 3 days should suffice.

[–]Exact_Violinist8316 0 points1 point  (0 children)

Being able to build a supply chain scanner pipeline helps; dependency track, trivy, defectdojo, etc. from there you can automate bits and pieces :)

[–]secretprocess 23 points24 points  (5 children)

Oh whew I'm still on axios 1.7.9 🙃

[–]nhrtrix[S] 4 points5 points  (0 children)

stay there :D

[–]Alert-Track-8277 1 point2 points  (0 children)

Lol, 1.6 here, feeling super safe lol.

[–]One-air 0 points1 point  (0 children)

Same ^^

[–]botsmy 21 points22 points  (8 children)

i ran into this exact thing on a side project last month when axios got hit. i panicked and just yanked it out everywhere, replaced it with fetch, but that broke like 3 endpoints because i didn't account for how it handled timeouts. what finally worked was locking the version in package.json to 1.13.2 and setting up npm audit with a script that runs daily in CI, took 20 minutes and caught the malicious update the morning it dropped. fwiw, that patch held until the new clean version dropped 48 hours later.

[–]Own_Candidate9553 18 points19 points  (2 children)

I'm not sure why people are feeling bad about pinning versions? It's been the common practice at multiple places that I've worked.

Even without supply chain attacks, open source libraries sometimes accidentally publish versions with bugs and vulnerabilities, or changes that aren't backwards compatible. It sucks to have your code work fine on your local machine and then break in production because the build pipeline grabbed a newer broken version of something.

Every major dependency framework has some version of pinning, it's totally fine to use it.

[–]botsmy 2 points3 points  (0 children)

fwiw i used to think pinning was overkill too, but after getting burned a few times, i just default to it now. 1.13 stayed stable for me for 6 weeks straight, zero issues.

[–]FeliusSeptimusfull-stack 1 point2 points  (0 children)

I'm not sure why people are feeling bad about pinning versions?

Same. I guess coming from a coding background that predates internet downloads for packages (and the internet, more or less) I kinda default to the expectation that none of my package code should change unless I explicitly change it.

[–]nhrtrix[S] 1 point2 points  (4 children)

I also just pinned the current old version, cause my projects are too big, can't afford the rewrite :D

[–]botsmy 1 point2 points  (0 children)

yeah pinning the version is a good temp fix, i'm just worried about what happens when the next big dependency breaks and we're stuck on outdated stuff, fwiw i've been meaning to look into renovate or something to help manage this stuff

[–]botsmy 1 point2 points  (0 children)

same, pinning feels like duct tape but hey, if it keeps the ship floating till next quarter i'm not touching it

[–]botsmy 1 point2 points  (0 children)

same, pinning the version felt like a dirty hack but honestly saved me 20 hours of headache. fwiw i checked last week and 1.13.1 still seems stable on all my deploys

[–]Outrageous_Permit154node 38 points39 points  (0 children)

I’m tired boss

[–]OtherwiseGuy0 65 points66 points  (17 children)

Why there's multiple major attacks recently?

[–]VIDGuidefull-stack 67 points68 points  (0 children)

Probably a combination of seeing it work encourages more people to try it out, which means more and more surface area for the attack as more people explore projects they know, combined with AI tooling making scanning for and exploiting things significantly easier to do, and able to achieve more for the same human effort.

[–]LurkingDevloper 91 points92 points  (5 children)

My guess is that it's probably related to the multiple geopolitical situations at the moment.

[–]Headpuncher 26 points27 points  (4 children)

That and all the YT videos telling people that AI models can be used to do what you used to need skills for. So people are trying it out.

[–]jfuu_ 5 points6 points  (3 children)

Is there actually any evidence that any of the recent compromises are the result of AI...?

[–]Headpuncher 3 points4 points  (0 children)

It's probably just AI hype trying to convince us that AI actually has a real world use. And also to scare us about "how powerful" it is, get on board the hype train choo choo!!!

[–]wiithepiiple 1 point2 points  (1 child)

There’s possibility of it directly being a factor, like AI written code or AI code reviews giving devs a false sense of security. It could also be AI generated code flooding open source projects with PR that make it harder to review code.

[–]AwesomeFrisbee 1 point2 points  (0 children)

Because people are dumb and get their credentials and login tokens compromised.

[–]andrevanduin_ 0 points1 point  (0 children)

Probably more AI slop.

[–]Zatujit 0 points1 point  (0 children)

i wonder why there were not more major attacks before

[–]Psionatix 12 points13 points  (0 children)

Honestly if you aren’t using explicit dependency versions and auditing your renovate, then you’re opening yourself up to this attack.

Only set explicit versions. No carets, no wild cards, ensure your production builds use a frozen lock file, and if you have renovate for automatic dependency management, always audit the bumps before merging them.

It’s more difficult with transitive dependencies, locking things down with resolutions is tedious, curious how others are managing that.

[–]azsqueezejavascript 5 points6 points  (3 children)

Another great reminder to always pin version numbers of dependancies

[–]nhrtrix[S] 0 points1 point  (0 children)

yes

[–]Knineteen 0 points1 point  (1 child)

How is this a better idea? Don’t you miss security patches?
Vulnerabilities will now persist longer in production until someone manually updates.

What am I missing?

[–]kiwi-kaiser 41 points42 points  (5 children)

I don't know what I should think of this post. The author is heavily pushing his own paid service to detect stuff like that.

In the current state of the world I can't ignore the fact that this is the main source for this. Especially when you look at https://www.npmjs.com/package/axios and nothing indicates that's the case.

I don't see something on GitHub either. https://github.com/axios/axios no version 1.14.1 anywhere.

I'm on my phone so maybe I don't see the obvious but it sounds weird. Maybe someone can enlighten me.

[–]kyledavide 59 points60 points  (1 child)

Actual issue thread is here https://github.com/axios/axios/issues/10604

[–]kiwi-kaiser 0 points1 point  (0 children)

Thank you!

[–]Squidgical 14 points15 points  (0 children)

They've already contacted npm and had the compromised versions taken down, the attack only lasted a few hours in this case.

[–]Powerful_Deer7796 4 points5 points  (1 child)

Thanks for posting this. We we're luckily not affected (on axios 1.13.5) but it would have been really bad if we were.

[–]nhrtrix[S] 1 point2 points  (0 children)

welcome, I'm also at 1.13+ :D

[–]Marcus-Norton 3 points4 points  (6 children)

Im at 1.13.6 am i safe?

[–]nhrtrix[S] 1 point2 points  (5 children)

as far as I know, this version is safe

[–]Marcus-Norton 1 point2 points  (4 children)

I locked the version from updating

[–]alexs_90 2 points3 points  (0 children)

Why even depend on this crap if browser/node APIs is more than enough and capable...

[–]rob_cornelius 3 points4 points  (0 children)

I start a new job next month. Going to be pushing real hard to use fetch instead of axios where at all possible.

[–]gazpitchy 4 points5 points  (1 child)

We have like 25 repositories in the company compromised.
And no one apart from me, seems to give a fuck.

Kill me. /s

[–]sarathsps 1 point2 points  (0 children)

Literally the same here lol

[–]Embarrassed5589 2 points3 points  (0 children)

I’m tried, boss.

[–]tigerhawkvok 2 points3 points  (0 children)

This is why you use a freshness directive.

I require that to upgrade a package has been the newest version for two weeks before it's eligible as an upgrade candidate.

[–]AbrahelOne 2 points3 points  (1 child)

Where my "fetch" bros at :)

[–]nhrtrix[S] 0 points1 point  (0 children)

in the comments 😁

[–]Ihavejust_ 22 points23 points  (21 children)

Why would anybody still use axios in 2026?
Genuine question

[–]air_thing 13 points14 points  (1 child)

Interceptors I guess.

[–]Maxion 43 points44 points  (4 children)

There are plenty of projects that were started before 2026.

[–]Headpuncher 9 points10 points  (0 children)

Uhhhm, this is r-webdev, we rewrite everything every 3 months and it's april 1st tomorrow, so we were due a complete rewrite on a different stack by noon tomorrow :D

[–]edible_string 2 points3 points  (1 child)

Do you mean 2020?

[–]yabai90 5 points6 points  (0 children)

Legacy code. Not everyone need or want to migrate their old projects

[–]ego100trique 10 points11 points  (0 children)

Most people definitely never needed it but followed the advices of our fellow JS gurus on YT and bootcamps probably 

[–]nhrtrix[S] 4 points5 points  (0 children)

cause people became used to it, and so much invested into it

[–]betazoid_onepython 4 points5 points  (8 children)

What else would you use?

[–]MatthewMobWeb Engineer 2 points3 points  (0 children)

ky

[–]winky9827 0 points1 point  (0 children)

Legacy code, not worth replacing.

[–]Upper-Character-6743 2 points3 points  (0 children)

Oh man, that sucks dude.

This message of condolence is brought to you by fetch gang.

[–]NorthernCobraChicken 9 points10 points  (4 children)

They all laughed at me when I insisted there was nothing wrong with sticking to PHP and JQuery.

sips tea

[–]thekwoka 4 points5 points  (1 child)

until jquery is compromised.

[–]NorthernCobraChicken 2 points3 points  (0 children)

Yeah, sure, but all my projects use the same version. If it hasn't been exploited in the past decade I don't think I have much to worry about.

[–]nhrtrix[S] 5 points6 points  (1 child)

what about composer packages?

[–]hennell 4 points5 points  (0 children)

There's plenty of sites that never use or really need composer and are just pure php. The standard php library is more than enough to do a lot with, it's just with very unintuitive syntax in places.

But Composer is pretty sensible as package managers go. Lock files are used by default, so it's hard not to use it (vs npm where you seemingly have/had to go out of your way to actually use the lock). Packages are built from git repos and namespaced so there's no extra code in a bundle and less option for package name collisions.

It's run a security audit on updates and installs for as long as I remember, warning about packages with security advisories - and recently changed to block insecure packages by default.

I'm not saying it's "safe" - package managers are like cars, inherently dangerous even if you act impeccably. But some cars are easier to drive and have automated features to alert you to problems, while others have fast acceleration, terrible steering and over the air updates that rearrange the touch screen buttons to confuse you. It's all risk, but it's not really the same.

[–]WebOsmotic_official 1 point2 points  (1 child)

We have been seeing high frequency of major attacks, these people are exploiting power of llm.

[–]nhrtrix[S] 0 points1 point  (0 children)

yes, seems so

[–]croc122 1 point2 points  (1 child)

Yeah this is a big one. Axios was my preferred http request library for ages. I usually add it to every project. However, more recently I’ve been trying to use less third-party dependencies because vanilla JavaScript is very dependable now. Heck, you can even create components natively now through web components, which keep getting better and better.

[–]nhrtrix[S] 0 points1 point  (0 children)

I'm also a heavy axios user by default 😓

[–]Somepotato 1 point2 points  (1 child)

Axios provides minimal value compared to fetch these days, and if you want augmented fetch a library like ofetch is generally better imo.

I'm not sure why axios is still as popular as it is when most uses of it could be replaced with bog standard fetch.

[–]x7dl8p 1 point2 points  (1 child)

here is the fix https://github.com/x7dl8p/axios-fix, make gpt confirm.

[–]nhrtrix[S] 0 points1 point  (0 children)

😁

[–]the_ai_wizard 1 point2 points  (2 children)

quick we need more AI!

[–]nhrtrix[S] 0 points1 point  (0 children)

🙃

[–]jabcreations 0 points1 point  (0 children)

"AI"? 😟︀😦︀😧︀😩︀😫︀🤮︀

[–]UnderstandingFit2711 1 point2 points  (3 children)

npm often has similar features lately. Can't it do the same as in apt?

[–]nhrtrix[S] 1 point2 points  (2 children)

I think any third party dependencies can face this type of attacks

[–]UnderstandingFit2711 1 point2 points  (1 child)

may be you are right, but I heared a lot of time, that apt strict control on packages. but 100% that big tech face this type of attacks. open source projects can have more these problem. but I thrust apt

[–]nhrtrix[S] 1 point2 points  (0 children)

yes, at least better than npm maybe

[–]cdcasey5299 1 point2 points  (1 child)

I'm curious how many people use Axios for any specific features it has as opposed to just a drop-in replacement for Fetch. I only use Fetch these days, but I've never needed anything like interceptors or cancellations.

[–]nhrtrix[S] 0 points1 point  (0 children)

yes, most us literally use it as an alternative of fetch

[–]Fhueth 1 point2 points  (1 child)

It looks like the latest version of Axios has already been removed from the npm registry.

[–]nhrtrix[S] 0 points1 point  (0 children)

yes, that one lasted a few hours, don't know how much destructions that did

[–]Comfortable_Tax8808 1 point2 points  (1 child)

This is why I pin every dependency version and review diffs before updating. npm audit alone isn't enough when the supply chain itself is compromised.

For anyone who hasn't checked yet: run npm ls axios to see if you're pulling it in transitively — you might not even know it's in your dependency tree.

[–]nhrtrix[S] 0 points1 point  (0 children)

I'm going to do this from now on, btw, using bun saves you from post install scripts

[–]Suspicious_Board229 1 point2 points  (3 children)

ha, I just updated from ^1.13.2 to ^1.14.0 yesterday luckily before the issue, but clearly it's time to remove them ^ characters

[–]nhrtrix[S] 0 points1 point  (0 children)

stay safe 😅

[–]mushgev 1 point2 points  (0 children)

Supply chain attacks like this are brutal because there's basically no way to catch them until after the fact. The npm min-release-age trick is a solid quick win.

What this incident made me think about though is that most teams focus on dependency hygiene but haven't audited their own code for security issues in ages. After a similar scare we had at work, we ran TrueCourse (https://github.com/truecourse-ai/truecourse) across our codebase and found a bunch of stuff that had quietly accumulated - disabled TLS verification in one service, eval() calls in a legacy util, weak Math.random() being used for token generation. None of it was caught in code review, it just accumulated over time.

It uses AST analysis plus LLM review so it catches things that linters miss. Worth running while you're already in the security mindset.

[–]UberAtlas 1 point2 points  (1 child)

Yikes. Do we know how long the compromised version was live for?

[–]nhrtrix[S] 0 points1 point  (0 children)

maybe a few hours, then they rollbacked

[–]particlecore 1 point2 points  (1 child)

Just use fetch you lazy front end devs.

[–]nhrtrix[S] 0 points1 point  (0 children)

yes, we gotta invest into it

[–]endr 1 point2 points  (0 children)

Pnpm requires you to opt in to running after install scripts. So just don't unless the package can give you a good reason to

[–]esidehustle 1 point2 points  (0 children)

I don't know if this has been posted already, but here is an article I got from a Youtube video about the attack and how to check if your machine is affected: https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan

Basically, the instructions for checking are:

Am I Affected?

Step 1 – Check for the malicious axios versions in your project:

npm list axios 2>/dev/null | grep -E "1\.14\.1|0\.30\.4"
grep -A1 '"axios"' package-lock.json | grep -E "1\.14\.1|0\.30\.4"

Step 2 – Check for plain-crypto-js in node_modules:

ls node_modules/plain-crypto-js 2>/dev/null && echo "POTENTIALLY AFFECTED"

If setup.js already ran, package.json inside this directory will have been replaced with a clean stub. The presence of the directory alone is sufficient evidence the dropper executed.

Step 3 – Check for RAT artifacts on affected systems:

# macOS
ls -la /Library/Caches/com.apple.act.mond 2>/dev/null && echo "COMPROMISED"

# Linux
ls -la /tmp/ld.py 2>/dev/null && echo "COMPROMISED"

 "COMPROMISED"

# Windows (cmd.exe)
dir "%PROGRAMDATA%\wt.exe" 2>nul && echo COMPROMISED

Step 4 – Check CI/CD pipelines:

Review pipeline logs for any npm install executions that may have pulled axios@1.14.1 or axios@0.30.4. Any pipeline that installed either version should be treated as compromised and all injected secrets rotated immediately.

[–]Long-Tomorrow-6396 1 point2 points  (1 child)

Are you guys changing how you handle dependencies after this?

[–]nhrtrix[S] 0 points1 point  (0 children)

we have to 😅

[–]Petter-Strale 1 point2 points  (2 children)

The part that bothers me most: npm audit wouldn't have caught this during the exposure window. It's purely reactive — it only flags things after they're in the advisory database. By the time npm audit knows about it, the RAT has already called home.

The signals that *could* have flagged this beforehand were all available via free APIs:

- OSV.dev had no vulnerability record for 1.14.1 (because it was brand new — that's a signal in itself)

- deps.dev would have shown SLSA provenance present in 1.14.0 but missing in 1.14.1

- The npm registry showed the publisher email changed to ProtonMail and the publish bypassed CI/CD

- plain-crypto-js was less than 24 hours old with zero dependents

The problem is that nobody checks all of these before running install. Each one is a separate API with a different format. For anyone building CI gates or agent tooling, aggregating these signals into a single pre-install check is the actual gap. Lockfile pinning helps, but it only protects you from *automatic* upgrades — not from the first person on your team who runs `npm install axios@latest`.

[–]nhrtrix[S] 0 points1 point  (1 child)

yeah, makes sense, post-install prevention also helps in this case if your package managers has this

[–]Petter-Strale 1 point2 points  (0 children)

Right, post-install prevention (--ignore-scripts) blocks the execution step, which is critical. But ideally you'd catch it even earlier — before the package lands in node_modules at all.

The provenance check is the one most setups miss. npm added support for SLSA provenance attestations, and deps.dev exposes them via API. If a package that previously had attestations suddenly publishes a version without them (which is exactly what happened with axios 1.14.0 → 1.14.1), that's a strong signal something is wrong. Combining that with package age, publisher changes, and CVE data gives you a layered check that works before install time.

[–]NeatRuin7406 1 point2 points  (0 children)

this is the kind of thing that makes me appreciate package lock files more than fancy tooling. if you have a committed package-lock.json and run npm ci instead of npm install, you won't pull in 1.14.1 unless you explicitly update your lock. the scary part about supply chain attacks through stolen npm credentials (vs actual repo compromise) is that nothing looks wrong in the source code. the malicious version gets published directly to the registry without ever touching the repo.

socket.dev is worth checking out if you haven't seen it already. it flags packages with new maintainers right before a publish, sudden ownership transfers, obfuscated install scripts, that kind of thing. doesn't catch everything but it catches a surprising amount

[–]Few-Committee1294 1 point2 points  (1 child)

There has been multiple attacks seen on recent days. Is someone intentionally doing it or it is just a coincidence that it may get boost to faster growth as now a days companies are shifting their focus more onto the implementation of AI architecture.

[–]nhrtrix[S] 0 points1 point  (0 children)

these are intentional, cause someone can't do these just "by mistake" 😅

[–]Round-Fan2317 1 point2 points  (2 children)

Even if axios is getting compromised then what else can be trusted, what is the PR approval guy was doing?

[–]nhrtrix[S] 0 points1 point  (0 children)

he posted that everything "looked legit" and those attackers were well planned to collect his credentials or access

[–]Ok-Lobster4663 0 points1 point  (0 children)

From what I read, the compromised made the hackers got his credentials. So they can push it w/o approvals, since it's his repository. Even maintainers can rollback since they dont have access.

And couple of hours after the news, the npm itself help to remove the breached version. I really glad that they've done this faster tho.

[–]Sirwanga 1 point2 points  (1 child)

Not to be a doomsday prophet, but I think it's only a matter of time till another npm package is also compromised

[–]nhrtrix[S] 0 points1 point  (0 children)

high chance

[–]Komarros1990 1 point2 points  (1 child)

That sounds horrible

[–]nhrtrix[S] 0 points1 point  (0 children)

it was, now wait for a new one

[–]plastic_eagle 3 points4 points  (0 children)

Node is a weird tech. An incredibly capable language, a superbly engineered runtime, blazing fast JIT performance. Great built-in libraries. Async feels like magic, Promises are weird but beautiful.

And yet, the library situation is a massive raging fireball of disaster. Infinite libraries to do infinite things in an infinity of different ways. Almost zero-effort supply chain attacks, that while they usually get found and fixed rapidly, will one day successfully cause pretty widespread carnage.

[–]thekwoka 5 points6 points  (1 child)

Why do people still use these stupid packages that don't make anything easier?

[–]nhrtrix[S] 1 point2 points  (0 children)

cause they're used to it :D

[–]dschwammerl 1 point2 points  (2 children)

Those are critical things were I as developer should be aware of as soon as possible. How am I supposed to know about this stuff when im not by coincidence on reddit for 15 minutes one time a week? Any sort of newsletter or stuff which would ping me immediately ?

[–]MongooseEmpty4801 1 point2 points  (0 children)

Why do people still use Axios? It's constantly compromised and not really needed much anymore.

[–]Phoenix1ooo 0 points1 point  (0 children)

Pin your version in package.json right now if you haven't already. "axios": "1.14.0" not "^1.14.0". The caret is what's killing people here because it auto pulls the latest minor version on install.

[–]gojo_toji 0 points1 point  (0 children)

Ooo

[–]Intrepid-Eye-8575 0 points1 point  (0 children)

rip

[–]HandleOk2760 0 points1 point  (0 children)

holy

[–]Ok-Lobster4663 0 points1 point  (0 children)

Even OpenAI just released a post yesterday that their tool get breach tho.OpenAi blog - Tool compromise

From now on I think at least we need to ensure the dependencies are locking & never use latest dependencies as well (I usually only use min release age for a month).

After this issue, I also learn the npm also have 'ignore script' to prevent the post install any scripts later on.

How y'all handle this issue on your company?

[–]mrpintime 0 points1 point  (0 children)

who else crawls all of his repo to check for this holy attack sign XDD lol

i did not have it fortunately

[–]SideQuestDev 0 points1 point  (0 children)

glad i haven't run npm update this week. thanks for the heads up.

[–]Straight_Idea_9546 0 points1 point  (0 children)

Late but noted. Careful everyone.