NPM Compromise via Axios Backdoor: Impact on AI Coding Agents

OpenClawRadar | Published: April 2, 2026

NPM Security Incident: Axios Package Compromise

A significant security breach occurred on March 31, 2026, when npm was temporarily compromised. A DPRK-linked threat actor stole credentials from an Axios maintainer and published two malicious package versions.

Attack Details

  • Compromised versions: Axios 1.14.1 and 0.30.4
  • Attack window: 3 hours
  • Safe versions: 1.14.0 and 0.30.3
  • Attack vector: The attacker published backdoored versions that injected a malicious dependency
  • Malware behavior: The dependency ran a postinstall hook that downloaded a platform-specific RAT (remote access trojan)
  • RAT capabilities: Established C2 beacons, harvested credentials, and self-erased after installation

Impact and Scope

Axios receives 400 million monthly downloads with 174,000 direct dependents, creating a massive blast radius. The attack was particularly devastating for AI coding agents including Claude Code, Cursor, and Copilot. These tools run npm install autonomously without human review, and the malware detached from the process before the command returned — making it completely invisible to output monitoring.

Thousands of developer machines were compromised within hours before the packages were removed from npm. If you installed any packages via npm during the attack window, you should consider the entire machine compromised.

Immediate Actions

  • Check if you installed packages during the 3-hour window on March 31, 2026
  • Verify you're using Axios versions 1.14.0 or 0.30.3 (not 1.14.1 or 0.30.4)
  • Assume machines that installed compromised packages are fully compromised
  • Review security monitoring for AI coding agent environments that automate npm installs

📖 Read the full source: r/openclaw