Behind the Scenes: How StepSecurity Detected and Helped Remediate the Largest npm Supply Chain Attack
StepSecurity detected a compromise of axios, described as the largest npm supply chain attack on a single package by download count. A state-sponsored threat actor is reported to have actively suppressed warnings by deleting GitHub issues. Detection occurred before public disclosure.
- Disclosed
- Last updated
- Blast radius
- Very large - axios is one of the most widely downloaded npm packages; direct impact on all downstream dependents.
- Ecosystems
- Attack vectors
- Affected entities
- axios
StepSecurity's AI Package Analyst and Harden-Runner tools detected the compromise of axios, one of the most widely-downloaded npm packages, prior to any public disclosure. Axios is an HTTP client library with massive adoption across the JavaScript ecosystem, making this incident significant in scope.
The response involved a coordinated effort to disclose and remediate the compromise. A community call was organized at midnight that drew approximately 200 attendees. StepSecurity identified indicators of state-sponsored activity, including deliberate deletion of GitHub issues to suppress early warnings of the compromise.
The incident received significant media coverage, including reports from Bloomberg and commentary from notable figures in the AI/ML community. The exact nature of the malicious payload and affected versions are not detailed in this summary source material.
Indicators of compromise
- Packages
- axios
Remediation
- Update axios to a patched version released after the compromise was disclosed
- Review audit logs for axios dependency installations during the incident window
- Scan downstream projects for any artifacts or behavior introduced by compromised axios versions
- Monitor for follow-on exploitation or lateral movement from systems that may have executed compromised code
- Enable strict package verification and signing requirements in dependency management workflows
Sources
Cite this entry
"Behind the Scenes: How StepSecurity Detected and Helped Remediate the Largest npm Supply Chain Attack." supplychainattack.org, Supply Chain Attack Incident Catalog. Disclosed April 9, 2026; last updated June 7, 2026. https://supplychainattack.org/incident/behind-the-scenes-how-stepsecurity-detected-and-helped-remediate-the-largest-npm-1fmmcy
Suggest a correction
Found an error or have a newer source? Corrections to factual errors take priority over new entries.
Related incidents
- activecritical
The Worm That Keeps on Digging: TeamPCP Hits @antv in Latest Wave
TeamPCP conducted a multi-ecosystem supply chain compromise targeting the @antv package and associated development infrastructure. The attack leveraged GitHub, NPM, and VSCode to steal credentials and establish persistence mechanisms.
npmOtherAccount takeoverCompromised packageMalicious maintainer - containedcritical
TeamPCP Injects Two-Stage Credential Stealer into xinference PyPI Package
The xinference package on PyPI was compromised with a two-stage credential stealer attributed to the TeamPCP threat actor. The malicious code was injected into the package, potentially affecting users who installed compromised versions.
PyPICompromised packageMalicious maintainer - containedhigh
lightning: Obfuscated JavaScript Credential Stealer Bundled in PyPI Wheel
The lightning PyPI package versions 2.6.2 and 2.6.3 were compromised on April 30, 2026, containing obfuscated JavaScript code designed to steal credentials. The project's GitHub account showed signs of compromise, with suspicious responses closing vulnerability reports.
PyPICompromised packageMalicious maintainer - activecritical
Malicious IoliteLabs VSCode Extensions Target Solidity Developers on Windows, macOS, and Linux with Backdoor
Three IoliteLabs VSCode extensions (solidity-macos, solidity-windows, solidity-linux) containing obfuscated backdoors targeting Solidity and Web3 developers across Windows, macOS, and Linux. The backdoors download remote payloads and establish persistence mechanisms on infected systems.
Container registryOtherCompromised packageMalicious maintainer