Wink Pings

Axios Got Hacked, and the Culprit Was an Old Token Nobody Remembered

Axios had the modern controls in place, OIDC Trusted Publishing and SLSA provenance, yet its packages were still poisoned because an old, long-lived npm token was hijacked. The attacker used that token to publish versions carrying a RAT directly to the registry, bypassing GitHub Actions entirely, which exposes the maintainer account as the single point of failure that none of the upstream controls can fix.

Axios, with over 100 million weekly downloads, is practically infrastructure in the JavaScript ecosystem. It followed the current best-practice checklist: OIDC Trusted Publisher configured, SLSA provenance attached to releases, and the rest of the modern hardening in place.

Yet, it still got poisoned.

The attacker stole a long-lived npm token belonging to one of Axios's core maintainers. Using this token, they published axios@1.14.1 and axios@0.30.4, both containing a cross-platform remote access trojan (RAT) targeting Windows, macOS, and Linux. The packages remained on the npm registry for about three hours before removal. According to Huntress, the first infections were observed just 89 seconds after the malicious versions went live, and at least 135 machines were compromised.

Ironically, the attacker never touched GitHub Actions. Configuring OIDC Trusted Publishing did not invalidate the old token: when an NPM_TOKEN is present in the environment, npm uses it in preference to the OIDC flow, so the classic token remained a fully valid publishing path alongside the new one. All of the modern machinery was simply sidestepped; the attacker walked in with an old key.

This is a chronic problem for the whole npm ecosystem. In just seven months this is the third major supply chain attack, following the Shai-Hulud worm and the PackageGate vulnerability. The methods differ, but the root cause is the same: stolen maintainer credentials. The Axios maintainer even had two-factor authentication enabled, but 2FA guards interactive logins, not publishes made with an already-issued automation token, so it could not stop the dormant one. As long as a human account is the ultimate trust anchor, these incidents will keep recurring.

For enterprises, the ordeal is not over. Check whether you installed either of the two poisoned versions or the innocuous-looking plain-crypto-js. If you were affected, treat the host as fully compromised: rebuild it rather than trusting antivirus cleanup, and rotate every credential it could have read (AWS keys, SSH keys, CI/CD secrets). Going forward, enforce --ignore-scripts in CI/CD so that lifecycle scripts such as postinstall cannot run during installs; note that this blocks install-time payloads only, not malicious code that executes when the module is required at runtime, so it complements pinning and lockfile auditing rather than replacing them.
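The two checks above, lockfile scanning and the .npmrc setting, as an added example that is not code from the original post or from the Axios project. The poisoned version list is taken from the post; the lockfile and .npmrc contents are constructed samples, and the function names are my own. It handles both the flat "packages" map of lockfile v2/v3 and the nested "dependencies" tree of lockfile v1, which goes beyond the single case the post discusses:

```javascript
// Added example: scan an npm lockfile for the versions the post names as
// poisoned, and check whether .npmrc enforces ignore-scripts.

// Versions named in the post; null means "flag every version of this name".
const POISONED = {
  axios: new Set(["1.14.1", "0.30.4"]),
  "plain-crypto-js": null,
};

// "node_modules/foo/node_modules/@scope/bar" -> "@scope/bar"
function packageNameFromPath(installPath) {
  const marker = "node_modules/";
  const idx = installPath.lastIndexOf(marker);
  return idx === -1 ? installPath : installPath.slice(idx + marker.length);
}

// Returns [{ name, version, where }] for every poisoned entry in the lockfile.
function findPoisoned(lock) {
  const hits = [];
  const check = (name, version, where) => {
    if (!(name in POISONED)) return;
    const bad = POISONED[name];
    if (bad === null || bad.has(version)) hits.push({ name, version, where });
  };

  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path; "" is the root project
    for (const [installPath, meta] of Object.entries(lock.packages)) {
      if (installPath === "") continue;
      check(packageNameFromPath(installPath), meta.version, installPath);
    }
  } else {
    // lockfileVersion 1: nested tree of "dependencies"
    const walk = (deps, prefix) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const where = prefix + "node_modules/" + name;
        check(name, meta.version, where);
        walk(meta.dependencies, where + "/");
      }
    };
    walk(lock.dependencies, "");
  }
  return hits;
}

// True only if the last uncommented "ignore-scripts" line in .npmrc is "true".
function npmrcEnforcesIgnoreScripts(text) {
  let enforced = false;
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith("#") || line.startsWith(";")) continue;
    const eq = line.indexOf("=");
    if (eq === -1) continue;
    const key = line.slice(0, eq).trim();
    const value = line.slice(eq + 1).trim();
    if (key === "ignore-scripts") enforced = value === "true";
  }
  return enforced;
}

// Constructed sample lockfile (v3): one poisoned axios at top level, a safe
// nested axios, and a plain-crypto-js entry.
const SAMPLE_LOCK = {
  name: "example-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0", dependencies: { axios: "^1.14.0" } },
    "node_modules/axios": { version: "1.14.1" },
    "node_modules/some-lib": { version: "2.0.0" },
    "node_modules/some-lib/node_modules/axios": { version: "1.13.0" },
    "node_modules/plain-crypto-js": { version: "1.0.0" },
  },
};

// Command-line use: node check-lock.js path/to/package-lock.json
// With no argument the constructed sample is scanned instead.
if (typeof process !== "undefined" && process.argv[2]) {
  const fs = require("fs");
  const lock = JSON.parse(fs.readFileSync(process.argv[2], "utf8"));
  const hits = findPoisoned(lock);
  for (const h of hits) console.log(`POISONED ${h.name}@${h.version} at ${h.where}`);
  process.exitCode = hits.length ? 1 : 0;
} else {
  for (const h of findPoisoned(SAMPLE_LOCK)) {
    console.log(`POISONED ${h.name}@${h.version} at ${h.where}`);
  }
}
```

Run it against every package-lock.json in the repositories your CI builds; a non-zero exit marks a lockfile that resolved a poisoned version. The .npmrc check has the same effect as passing `--ignore-scripts` to `npm ci` on every pipeline, but committing `ignore-scripts=true` to the repository's .npmrc makes the setting hard to forget.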

That old token, kept around as a "backup plan," ended up being the fatal flaw.

Published: 2026-04-01 10:30