On March 30, 2026, the axios npm account was compromised. North Korean threat actors published two malicious versions of the most widely-used HTTP client library in the Node.js ecosystem — versions that silently installed a cross-platform Remote Access Trojan on every machine that ran npm install during the attack window.

If you are a SaaS founder or indie builder who uses Node.js, this affects you directly.

Here is what happened, who was impacted, and exactly what you need to do right now.

The axios npm account (maintainer: jasonsaayman) was compromised on or around March 30, 2026. Within a 39-minute window, the attackers published two backdoored versions:

Both dist-tags resolved to the malicious package at time of discovery. A default npm install axios pulled a compromised version.

The Elastic Security Labs team published a detailed forensic breakdown. Here is the technical picture:

The attackers first established registry credibility by publishing a clean decoy package ([email protected]). Then they published [email protected] — a version that included a postinstall hook pointing to an external server at sfrclak.com:8000.

When developers installed the compromised axios versions, the postinstall hook fired silently during npm install, reached out to the external server, and downloaded a RAT dropper tailored to the host OS:

All three shared identical command-and-control protocol and beacon behaviour. After executing the RAT payload, the dropper deleted itself and replaced the malicious package.json with a clean copy — erasing forensic evidence from node_modules in the process.

The publishing method shifted from the account's normal OIDC/GitHub Actions SLSA provenance to a direct CLI publish from a different email address ([email protected]). This change in publishing behaviour was a key forensic signal.

Approximately 100 million npm installs of axios happen every week. Both the latest and legacy dist-tags were pointing to compromised versions. Any automated CI pipeline, Docker build, or local development environment that ran npm install in the attack window was potentially exposed.

The attack was eventually detected and the malicious versions removed from the registry, but the exposure window was real and measurable.

Safe versions: [email protected] and [email protected].

Do not just update to the latest version in place. The postinstall hook already fired if you were exposed. Follow this sequence:

Look for 1.14.1 or 0.30.4. If either appears, you were in the blast radius.

Update your package.json:

Or for the legacy branch:

Then regenerate your lockfile:

Check for [email protected] anywhere in your node_modules:

If it appears, the postinstall fired. Treat that environment as compromised.

If you built Docker images or deployment artifacts during the window (March 30–31, 2026), rebuild them from clean dependency trees. Do not assume your running containers are clean just because you updated the package.json afterward.

If the dropper executed in any environment — local machine, CI runner, production container — rotate every secret and credential that environment had access to. This includes:

This attack succeeded because a maintainer account was compromised. Review your own npm security posture:

The same week as the axios disclosure, Vercel shipped Turborepo 2.9 — a release worth knowing about if you run a monorepo.

Key changes:

If you run a monorepo with shared packages, upgrading to 2.9 is worth doing for the build-time improvement alone.

A few Vercel announcements from the first week of April 2026:

Go developers can now deploy API backends on Vercel with zero configuration. Language support is expanding beyond JavaScript and TypeScript — if you have a Go service you want to deploy without managing infrastructure, this matters.

The $10/month base fee for Vercel Observability Plus has been eliminated. You now pay only for the events you actually collect. If you were on the fence about observability because of the fixed cost, this removes the barrier.

Message time-to-live on Vercel Queues is now 7 days, up from prior limits. Useful if you need to decouple producers and consumers with longer retention windows.

Vercel CDN now respects Cache-Control headers from external origins by default. If you proxy third-party resources through Vercel, caching behaviour will be more predictable.

The axios compromise is not an isolated incident. It follows a well-established pattern: compromised maintainer account → malicious version published → automated pipelines silently install it → RAT deployed.

The root cause is that npm's trust model relies on package metadata rather than cryptographic verification of build provenance. Until the ecosystem broadly adopts SLSA Level 3+ provenance attestation, these attacks will remain viable.

As an indie builder, the most effective posture is proactive hygiene, not reactive firefighting:

The axios attack was technically sophisticated. The remediation is not — but it requires acting, not just reading.