plain-crypto-js
4 mentions across all digests
plain-crypto-js is a malicious npm package (version 4.2.1) injected into compromised axios releases during a March 2026 supply chain attack, deploying a remote access trojan capable of remote code execution, credential theft, and data exfiltration.
Post Mortem: axios NPM supply chain compromise
An axios maintainer's account was compromised via RAT malware, and remote access trojans were injected into npm versions 1.14.1 and 0.30.4 through a fake plain-crypto-js dependency for 3 hours on March 31.
Supply Chain Attack on Axios
Attackers published malicious versions of Axios (100M weekly downloads) outside the official GitHub workflow, deploying a RAT capable of remote code execution and data exfiltration.
Supply Chain Attack on Axios Pulls Malicious Dependency from npm
A leaked npm publish token enabled injection of a credential-stealing RAT into Axios (101M weekly downloads), exposing how long-lived publishing credentials remain a critical supply chain vulnerability.
Axios Compromised on NPM – Malicious Versions Drop Remote Access Trojan
Attackers compromised axios on NPM to deploy a self-deleting RAT dropper through versions 1.14.1 and 0.30.4, exposing the supply chain to cross-platform remote access compromise.