[MS] Axios npm Supply Chain Compromise – Guidance for Azure Pipelines Customers - devamazonaws.blogspot.com

On March 31, 2026, malicious versions of the widely used JavaScript HTTP client library Axios were briefly published to the npm registry as part of a supply chain attack.

The affected versions — 1.14.1 and 0.30.4 — included a hidden malicious dependency that executed during installation and connected to attacker-controlled command-and-control (C2) infrastructure to retrieve a second-stage payload.

Because modern development workflows frequently rely on automated dependency resolution during CI/CD builds, environments such as developer workstations and build agents—including those used in Azure Pipelines—may have been exposed if they resolved the compromised versions during installation or update.

For a detailed technical analysis of the attack and recommended mitigations, please refer to the Microsoft Security Blog:

Mitigating the Axios npm Supply Chain Compromise on the Microsoft Security Blog.

Impact on Azure Pipelines

This incident does not represent a compromise of Azure Pipelines itself.

Customers who:

  • Use Microsoft-hosted agents, and
  • Run only Microsoft-authored built-in tasks

are not affected by any compromise of the Azure Pipelines platform or hosted agent infrastructure as a result of this npm ecosystem attack.

Azure Pipelines Microsoft-hosted agents execute jobs on Microsoft-managed virtual machines. Each pipeline job runs on a newly provisioned VM that is discarded after the job completes. Any changes made during a job are not persisted to subsequent jobs. See Microsoft-hosted agents for Azure Pipelines and Azure Pipelines agents on Microsoft Learn.

However, CI/CD pipelines execute customer-defined workflows, including installing third-party dependencies during build time. If a pipeline run installed one of the malicious Axios versions, code executed during package installation, and any credentials or secrets available to that affected job should be treated as potentially exposed.

If Your Pipelines Include Custom Scripts, Extensions, Self-Hosted Agents, or Containers, We Recommend the Following Actions

You may be at risk if your Azure Pipelines workflows include:

  • Custom pipeline scripts
  • Third-party extensions installed from the Marketplace
  • Self-hosted agents
  • Containerized build environments

Review Self-Hosted Agents

Self-hosted agents are customer-managed compute infrastructure used to run pipeline jobs. See Azure Pipelines agents on Microsoft Learn.

Self-hosted agents that executed pipeline builds during the compromise window may have:

  • Installed malicious dependencies
  • Persisted compromised packages in local caches
  • Exposed credentials accessible during pipeline execution

We recommend:

  • Reimaging or rebuilding affected agents
  • Reviewing agent activity logs during the relevant timeframe
  • Rotating credentials used by affected agents

Audit Third-Party or Custom Pipeline Tasks

Review whether any:

  • Marketplace extensions
  • Custom tasks
  • Inline scripts

used in your pipelines depend directly or transitively on Axios and executed npm install or update operations during pipeline execution.

Pipeline steps that resolve compromised dependencies may have access to:

  • Secure pipeline variables
  • Service connection tokens
  • Deployment credentials

Review Service Connections

Azure Pipelines uses service connections to authenticate pipelines to external or remote services such as:

  • Azure subscriptions
  • Container registries
  • Kubernetes clusters
  • External build or artifact systems (see Service connections on Microsoft Learn)

If compromised dependencies executed within a pipeline job, identities or credentials associated with service connections used during that run may have been exposed.

We recommend:

  • Rotating credentials associated with affected service connections
  • Reviewing actions taken by pipelines using those connections

Clear Pipeline Dependency Caches

Compromised dependencies may persist in:

  • Pipeline workspace caches
  • npm/yarn/pnpm cache directories
  • Container build layers
  • Generated artifacts
  • Package-manager caches

Clear dependency caches associated with affected repositories or agents to prevent reuse of compromised packages in future builds.

Artifacts generated from runs that installed the malicious package versions should be treated as untrusted and replaced with clean builds.

What to do now

Review any pipeline runs that may have installed the affected Axios versions, especially in workflows that use self-hosted agents, custom tasks, third-party extensions, or containerized build environments.

For detailed attack analysis, indicators of compromise, and mitigation guidance, see Mitigating the Axios npm Supply Chain Compromise on the Microsoft Security Blog.

What to review in your pipelines

  • Custom pipeline scripts
  • Third-party extensions installed from the Marketplace
  • Self-hosted agents
  • Containerized build environments

Best Practices to Reduce Future Supply Chain Risk in Azure Pipelines

Pin Dependency Versions

Avoid loose semantic version ranges such as:

"axios": "^1.13.0"

Loose constraints may automatically resolve to newly published versions during routine installs — including compromised ones.

Use Lockfiles and Deterministic Installs

Ensure your pipelines:

  • Commit package-lock.json / yarn.lock / pnpm-lock.yaml
  • Use deterministic install commands (e.g. npm ci)

This helps prevent unexpected dependency resolution during CI/CD runs.

Limit Secret Scope in Pipelines

Minimize exposure by:

  • Using least-privilege service connections
  • Injecting secrets only into steps that require them
  • Avoiding global environment variable exposure across jobs

Rebuild Build Outputs After Remediation

Do not assume that:

  • Container images
  • Deployment bundles
  • Published packages

produced during a compromised pipeline run are safe.

Rebuild affected outputs after remediating dependencies.

How to reduce future supply chain risk

  • Pin dependency versions
  • Use lockfiles and deterministic installs
  • Limit secret scope in pipelines
  • Rebuild build outputs after remediation

Learn More

To understand the attack mechanics, indicators of compromise, and Microsoft’s mitigation guidance, please review: Mitigating the Axios npm Supply Chain Compromise on the Microsoft Security Blog.

Self-hosted agents that executed pipeline builds during the relevant timeframe should be reviewed for signs that they installed the malicious package versions or the injected dependency plain-crypto-js@4.2.1.

We recommend:

  • Reviewing pipeline and agent logs for npm install or npm ci runs that resolved axios@1.14.1, axios@0.30.4, or plain-crypto-js@4.2.1
  • Reviewing network activity for connections to sfrclak[.]com or 142.11.206.73 on port 8000
  • Reimaging or rebuilding affected agents where practical
  • Rotating credentials that were available to affected runs

If an affected pipeline run had access to service connections or deployment credentials, those credentials should be treated as potentially exposed.

We recommend:

  • Rotating credentials associated with service connections used by affected runs
  • Reviewing service connection usage history and actions taken by those identities during the relevant timeframe

How to verify whether you were affected

Review pipeline logs for npm install or npm ci executions that resolved:

  • axios@1.14.1
  • axios@0.30.4
  • plain-crypto-js@4.2.1

Also review network and endpoint telemetry for the following indicators:

  • sfrclak[.]com
  • 142.11.206.73
  • hxxp://sfrclak[.]com:8000/6202033

Post Updated on April 24, 2026 at 11:40AM
Thanks for reading
from devamazonaws.blogspot.com

Comments

Post a Comment

Popular posts from this blog

[MS] Pulling a single item from a C++ parameter pack by its index, remarks - devamazonaws.blogspot.com

In my earlier discussion of pulling a single item from a C++ parameter pack by its index , I noted that with the Pack Indexing proposal, you would be able to write this to pull an item from a parameter pack while preserving its reference category. template<int index, typename...Args> void example(Args&&... args) { auto&& arg = (Args...[index]&&)args...[index]; using Arg = Args...[index]&&; } Why did I need to apply the (Args...[index]&&) cast ? Why can't I just write this: auto&& arg = args...[index]; or possibly decltype(auto) arg = args...[index]; Well, when you write the name of a variable, the result is an lvalue reference, even if the variable is an rvalue reference . Watch: struct S { S(S&); // construct from lvalue S(S&&); // construct from rvalue }; void whathappens(S&& s) { S t = s; // which will it use? } Try it out in your favorite compiler. This code construc...
Read more

[MS] Going beyond the empty set: Embracing the power of other empty things - devamazonaws.blogspot.com

The empty set contains nothing. This sounds really silly, but it's actually really nice. The Windows Runtime has a policy that if a method returns a collection (such as an IVector ), and the method produces no results, then it should return an empty collection, rather than a null reference . That way, consumers can just iterate over the collection without having to deal with a null test. For example, suppose you have a method Widget:: Get­Associated­Doodads which returns an IVectorView<Doodad> representing the Doodad objects that have been associated with a Widget object. If no Doodad s have been associated with the Widget , then it should return an empty vector, not a null pointer. That allows developers to write the natural-looking code: // C# foreach (var doodad in widget.GetAssociatedDoodads()) { ⟦ process each doodad ⟧ } // C++/WinRT for (auto&& doodad : widget.GetAssociatedDoodads()) { ⟦ process each doodad ⟧ } // JavaScript widget.GetAssociated...
Read more

[MS] The case of the crash when destructing a std::map - devamazonaws.blogspot.com

A customer reported that they were getting crashes while destructing a std::map . Here's the point of the crash: eax=245bd25c ebx=00004d33 ecx=31feece4 edx=00c40000 esi=00000000 edi=31feece4 eip=563397db esp=245bd250 ebp=245bd268 iopl=0 nv up ei ng nz na pe nc cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010286 contoso!std::_Tree<⟦...⟧>::~_Tree+0x2b: 563397db cmp byte ptr [esi+0Dh],0 ds:002b:0000000d=?? 0:054> k9 ChildEBP RetAddr (Inline) -------- contoso!std::_Tree_val<⟦...⟧>::_Erase_tree [xtree @ 1073] (Inline) -------- contoso!std::_Tree_val<⟦...⟧>::_Erase_head+0x5 [xtree @ 1073] 245bd268 56338313 contoso!std::_Tree<⟦...⟧>::~_Tree+0x2b [xtree @ 1073] 245bd290 56362695 contoso!Contoso::IdCollection::~IdCollection+0x163 245bd2b4 564c8510 contoso!Contoso::LogEntry::~LogEntry+0xd5 245bd2e0 5691a999 contoso!Contoso::LogEntries::Cleanup+0x90 (Inline) -------- con...
Read more