What Happened
In 2025, attackers compromised the axios JavaScript package—one of the most widely used HTTP client libraries in the Node.js ecosystem—through a malicious transitive dependency. The attack didn't target axios directly. Instead, attackers injected malware into a lesser-known dependency that axios pulled in automatically during installation. The malicious code executed immediately on npm install, before any developer ran a single line of code.
The payload targeted developer machines and CI/CD environments, exfiltrating credentials, tokens, and environment variables. Because axios is a foundational package in thousands of applications, the blast radius extended across organizations that had never heard of the compromised dependency.
This incident represents a shift in open source supply chain attacks. Sonatype identified over 454,600 new malicious packages in 2025—not through brute force distribution, but through strategic placement in trusted dependency chains.
Timeline
Initial Compromise: Attackers gained control of a transitive dependency package through compromised maintainer credentials.
Malicious Release: A new version was published with install-time execution hooks that ran before package managers could flag suspicious behavior.
Axios Update: The next axios release automatically pulled the malicious dependency version due to permissive semantic versioning constraints.
Silent Propagation: Organizations running npm update or fresh installs received the compromised dependency chain. CI/CD pipelines executed the malicious code during build processes.
Detection: Security researchers identified the malware after observing unusual network traffic patterns from build environments. By this point, the package had been downloaded thousands of times.
Response: The malicious package was removed from npm, but organizations that had already installed it remained compromised until they explicitly updated and rotated all potentially exposed credentials.
Which Controls Failed or Were Missing
No Pre-Installation Scanning: Organizations ran npm install without scanning dependencies for known malicious patterns before they reached developer machines or build environments.
Unconstrained Dependency Resolution: Package manifests used loose version constraints (^1.2.0 instead of exact versions), allowing automatic updates to pull in compromised releases without review.
Missing Install Script Controls: Package managers executed install scripts with full system access. No sandboxing or permission restrictions limited what code could do during installation.
Insufficient Artifact Verification: Teams didn't verify package signatures or checksums. They trusted that packages from npm were safe by default.
Transitive Dependency Blindness: Dependency trees weren't mapped or monitored. Security teams could inventory direct dependencies but had no visibility into what those dependencies pulled in.
CI/CD Credential Exposure: Build environments had access to production credentials and tokens without time-limited scoping or network segmentation.
What the Standards Require
PCI DSS v4.0.1 Requirement 6.3.2 mandates that custom software and software components are developed securely, including addressing common coding vulnerabilities and managing inventory of bespoke and custom software. While this requirement focuses on custom code, the principle extends to managing third-party components—you can't develop securely if your dependencies are compromised before you write a single line.
ISO/IEC 27001:2022 Control 8.30 (Outsourced development) requires organizations to supervise and monitor outsourced system development. Open source dependencies are effectively outsourced development. You need visibility into what code you're incorporating and controls over when and how it executes.
NIST Cybersecurity Framework v2.0 ID.RA-10 calls for identifying and documenting supply chain risks. A transitive dependency you've never reviewed is a supply chain risk. The framework's Supply Chain Risk Management (SCRM) category emphasizes understanding what's in your software before it reaches production—or your build environment.
SOC 2 Type II CC6.8 addresses system operations, specifically requiring that the entity implements controls to prevent or detect and act upon processing deviations. Install-time malware execution is a processing deviation. Your controls should catch unauthorized code execution during dependency installation.
Lessons and Action Items for Your Team
Move Security Left of Installation
Don't wait until code review to think about dependencies. Implement a registry proxy or mirror that scans packages before they're available to developers. Tools like Sonatype Nexus Repository or JFrog Artifactory can block packages that match malware signatures or exhibit suspicious behavior patterns before they reach your environment.
Lock Your Dependency Versions
Replace semantic version ranges with exact version pins in your lock files. In npm, that means committing package-lock.json and reviewing it in pull requests. When a dependency updates, you should explicitly approve it—not discover it during a security incident.
Disable Install Scripts by Default
Configure npm to skip lifecycle scripts with --ignore-scripts in your CI/CD environment. For the handful of legitimate packages that need install scripts, whitelist them explicitly. Most packages don't need to execute code during installation. The ones that do should earn that privilege.
Map Your Transitive Dependencies
Run npm ls or equivalent tools to generate a complete dependency tree. Feed this into your vulnerability scanner. You need visibility into every package that ends up in node_modules, not just the ones in your package.json.
Segment Your Build Environments
Your CI/CD pipeline shouldn't have standing access to production credentials. Implement short-lived tokens, network segmentation, and least-privilege access. If malware does execute during a build, limit what it can exfiltrate. Consider using workload identity federation instead of static credentials.
Monitor Installation Behavior
Log and alert on unexpected network calls, file system writes, or process spawns during package installation. Malware that exfiltrates credentials during npm install should trigger your EDR or SIEM before it reaches your source code.
Establish Dependency Governance
Create a policy for adding new dependencies. Require security team review for packages with install scripts, native bindings, or fewer than a certain number of downloads. The axios incident succeeded because a low-profile transitive dependency didn't get scrutiny.
The shift to trust-based attacks means your security posture can't start when developers open their IDE. It starts when dependencies enter your environment—and the controls you implement at that boundary determine whether you're protected or exposed.
