EarlyNarratives
Pricing
Start free trialSign in
Start free trialSign in
Storyline

Malicious axios npm package versions deliver malware targeting crypto developers

The widely used npm package axios was compromised in a supply chain attack with malicious versions 1.14.1 and 0.30.4 containing a malware dropper named plain-crypto-js@4.2.1. These versions were published recently and have since been removed from the npm registry.

Current brief openSource links open
This current storyline is open here with summary, metadata, source links, continuity context, and full evidence. Paid is for compare-over-time, alerts, exports, and workflow.
BackEvidence (2)Get the free brief by emailStart free trial
No card needed for the free brief.
Evidence trail (top sources)
top sources (1 domains)domains are deduped. counts indicate coverage, not truth.
1 top source shown
Slow Fog warns devs over malicious axios malware campaign
Crypto.News · News · crypto.news · 2026-03-31 14:30 UTC
limited source diversity in top sources
View all evidence
Overview

The widely used npm package axios was compromised in a supply chain attack with malicious versions 1.14.1 and 0.30.4 containing a malware dropper named plain-crypto-js@4.2.1. These versions were published recently and have since been removed from the npm registry.

Score total
1.25
Momentum 24h
2
Posts
2
Origins
2
Source types
2
Duplicate ratio
0%
Why now
  • Malicious axios versions were published and removed within the last 24 hours, posing immediate risk.
  • Crypto developers using npm are urged to audit dependencies and rotate credentials now.
  • Security firms like Slow Fog have issued urgent warnings to mitigate ongoing threats.
Why it matters
  • Supply chain attacks on popular npm packages can compromise crypto development environments.
  • Malware embedded in dependencies can lead to credential theft and remote access trojans affecting blockchain projects.
  • Prompt detection and remediation are critical to protect crypto infrastructure and developer credentials.
Continuity snapshot
  • Trend status: insufficient_history.
  • Continuity stage: emerging_confirmed.
  • Current status: open.
  • 2 current source-linked posts are attached to this storyline.
All evidence
All evidence
Slow Fog warns devs over malicious axios malware campaign
Crypto.News · crypto.news · 2026-03-31 14:30 UTC
Show filters & breakdown
Posts loaded: 0Publishers: 2Origin domains: 2Duplicates: -
Showing 2 / 0
Top publishers (this list)
  • Crypto.News (1)
  • netsec (1)
Top origin domains (this list)
  • crypto.news (1)
  • thecybersecguru.com (1)