Axios package compromise and remediation steps (opens in new tab)

**Published:** March 31, 2026 | **Authors:** Vercel Security --- The `axios` npm package was compromised in an active supply chain attack discovered on March 31, 2026. Vercel investigated this issue and implemented remediation actions to protect the platform. No Vercel systems were affected. The npm registry removed the compromised package versions, and the latest tag now points to the safe `axios@1.14.0` release. - We’ve blocked outgoing access from our build infrastructure to the Comman...