Understanding Supply Chain Attacks: Axios and LiteLLM Compromises

Recently, two major open-source libraries, LiteLLM and Axios, were compromised within the span of a week. These incidents highlight just how vulnerable software supply chains can be. In this article, we’ll break down what a supply chain attack is, why such attacks continue to succeed, and what you should do immediately to protect your projects.
What Is a Supply Chain Attack?
When developing software, you often rely on packages created by other developers. These can come from registries like npm, PyPI, or other sources. Often, these packages pull in additional dependencies of their own, forming a network of code that your project depends on: your software supply chain.
A supply chain attack targets the software you trust. If malicious code finds its way into a dependency you use, attackers can potentially access sensitive files, credentials, or infrastructure. In short: your project becomes a gateway for the attacker.
Axios Incident (March 31, 2026)
Axios, one of the most widely used HTTP client libraries in JavaScript, was recently hit by such an attack. The situation is still unfolding, but here’s what we know so far:
- An attacker gained access to the npm account of a lead Axios maintainer.
- They changed the account’s email to an anonymous address and published two compromised versions.
- A malicious dependency called plain-crypto-js was added. Axios doesn’t actually use this dependency; it exists solely to execute a post-install script that installs a Remote Access Trojan (RAT).
- This RAT targets macOS, Windows, and Linux, connects to a command-and-control server, downloads platform-specific payloads, and then erases traces of itself.
What You Should Do Now
If your project uses axios@1.14.1 or axios@0.30.4, you should:
- Immediately remove these versions, or
- Roll back to the last safe versions: axios@1.14.0 or axios@0.30.3.
Bottom Line: Supply chain attacks exploit trust in the code we depend on. Even widely used libraries are not immune. Always verify updates, monitor dependency changes, and follow security advisories closely.