Home / Security updates / Axios NPM dependency
Axios NPM dependency
Security updates detail rendered from /security-updates/upd_d8ae501dd54f1d77.
Overview
| ID | upd_d8ae501dd54f1d77 |
| Collection | Security Updates |
| Provider | SafeBase |
| Company | Videsk |
| URL | - |
| Counts | - |
| Updated | - |
Raw record
| Field | Value |
|---|---|
| id | upd_d8ae501dd54f1d77 |
| providerId | safebase |
| organizationId | org_d7360b7a9b1e585d |
| trustCenterId | tc_350eed60afedf5b3 |
| title | Axios NPM dependency |
| message | **Axios Supply Chain Attack — Security Notice** On March 31st, 2026, a supply chain attack targeting the Axios npm package was reported. Versions 1.14.1 and 0.30.4 were compromised through a hijacked maintainer account, injecting a malicious dependency (`[email protected]`) that deployed a cross-platform Remote Access Trojan (RAT). **Videsk is not affected by this vulnerability.** We took immediate action on the same day the advisory was disclosed, reviewing all backend and frontend services using the following mechanisms: - GitHub Security Advisory (GHSA) automated scanning - Manual audit via regex pattern matching across all repositories No compromised versions were found, nor were any dependencies associated with `plain-crypto-js` identified in any of our services. **Audit evidence** ``` $ bash ./axios-vuln.sh 47 SAFE ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ AXIOS SUPPLY CHAIN ATTACK — INTERNAL AUDIT REPORT ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ |
| url | - |
| publishedAt | 2026-04-01 |
| source | {
"field": "statuspage/public/compliance-update",
"category": "vulnerabilities"
} |
| company | {
"id": "org_d7360b7a9b1e585d",
"name": "Videsk",
"domains": [
"trust.videsk.io",
"videsk.io"
]
} |
| trust_center | {
"id": "tc_350eed60afedf5b3",
"name": "Videsk",
"url": "https://trust.videsk.io",
"host": "trust.videsk.io"
} |
| provider | {
"id": "safebase",
"name": "SafeBase"
} |
| links | {
"self": "/v1/security-updates/upd_d8ae501dd54f1d77",
"company": "/v1/companies/org_d7360b7a9b1e585d",
"trust_center": "/v1/trust-centers/tc_350eed60afedf5b3",
"provider": "/v1/providers/safebase"
} |
Get this page with API
Rendered from the bluedoor Trust Centers API. Reproduce it:
GET https://api.bluedoor.sh/trust-centers/v1/security-updates/upd_d8ae501dd54f1d77JSON