Two compromised Axios npm packages have triggered a security alert for developers to rotate credentials and audit systems. Cybersecurity firm Socket first flagged versions axios@1.14.1 and axios@0.30.4 as containing a malicious dependency, plain-crypto-js@4.2.1.
The tainted code can grant attackers remote access to devices, potentially exposing API keys, login credentials, and crypto wallet data. OX Security confirmed the altered packages could execute unauthorized code during installation.
Developers using these versions are urged to treat systems as compromised and immediately reset all related authentication tokens. Supply chain attacks like this exploit trust in open-source tools widely used across tech ecosystems.
This incident echoes earlier breaches, including a January attack draining hundreds of EVM-compatible wallets. That event was traced back to a similar supply chain flaw tied to Trust Wallet's development environment.