https://community.appian.com/support/w/kb/3791/kb-2376-information-about-the-axios-supply-chain-compromiseen-USTelligent Community 12https://community.appian.com/support/w/kb/3791/kb-2376-information-about-the-axios-supply-chain-compromiseWed, 01 Apr 2026 20:38:57 GMTd3a83456-d57b-489c-a84c-4e8267bb592a:33a29212-f81a-4bc5-a233-f241e0302302Kaushal Patelhttps://community.appian.com/support/w/kb/3791/kb-2376-information-about-the-axios-supply-chain-compromise#commentsCurrent Revision posted to Appian Knowledge Base by Kaushal Patel on 4/1/2026 8:38:57 PM<br /> <p><span style="font-weight:400;">On 31 March 2026,&nbsp; an Axios npm package that uses a JavaScript library to enable applications to make HTTP/S requests and is included as a dependency in millions of applications was compromised. Between ~00:21 and ~03:30 UTC, malicious versions (</span><b>axios@1.14.1 and axios@0.30.4</b><span style="font-weight:400;">) were published using a compromised maintainer account.</span></p> <p><span style="font-weight:400;">Appian has investigated this vulnerability and affected services, and determined that it is </span><b>not impacted</b><span style="font-weight:400;">, as no vulnerable versions of the packages are used in the Appian Cloud environment or any of Appian&rsquo;s products. We will continue to monitor the situation and provide any updates as appropriate.</span></p> <h2><span style="font-weight:400;"></span></h2> <h2><span style="font-weight:400;">Supporting Documentation:</span></h2> <ul> <li style="font-weight:400;"><a href="https://snyk.io/blog/axios-npm-package-compromised-supply-chain-attack-delivers-cross-platform/"><span style="font-weight:400;">https://snyk.io/blog/axios-npm-package-compromised-supply-chain-attack-delivers-cross-platform/</span></a></li> <li style="font-weight:400;"><a href="https://www.mend.io/blog/poisoned-axios-npm-account-takeover-50-million-downloads-and-a-rat-that-vanishes-after-install/"><span style="font-weight:400;">https://www.mend.io/blog/poisoned-axios-npm-account-takeover-50-million-downloads-and-a-rat-that-vanishes-after-install/</span></a></li> </ul> <h2><span>Affected Versions</span></h2> <p><span>This article applies to all supported versions of Appian.</span></p> <p><span>Last reviewed:&nbsp;</span><span>April 1, 2026</span></p><div style="clear:both;"></div> <div style="font-size: 90%;">Tags: Security</div> https://community.appian.com/support/w/kb/3791/kb-2376-information-about-the-axios-supply-chain-compromise/revision/2Wed, 01 Apr 2026 20:34:59 GMTd3a83456-d57b-489c-a84c-4e8267bb592a:33a29212-f81a-4bc5-a233-f241e0302302Kaushal Patelhttps://community.appian.com/support/w/kb/3791/kb-2376-information-about-the-axios-supply-chain-compromise#commentsRevision 2 posted to Appian Knowledge Base by Kaushal Patel on 4/1/2026 8:34:59 PM<br /> <p><span style="font-weight:400;">On 31 March 2026,&nbsp; an Axios npm package that uses a JavaScript library to enable applications to make HTTP/S requests and is included as a dependency in millions of applications was compromised. Between ~00:21 and ~03:30 UTC, malicious versions (</span><b>axios@1.14.1 and axios@0.30.4</b><span style="font-weight:400;">) were published using a compromised maintainer account.</span></p> <p><span style="font-weight:400;">Appian has investigated this vulnerability and affected services, and determined that it is </span><b>not impacted</b><span style="font-weight:400;">, as no vulnerable versions of the packages are used in the Appian Cloud environment or any of Appian&rsquo;s products. We will continue to monitor the situation and provide any updates as appropriate.</span></p> <h2><span style="font-weight:400;"></span></h2> <h2><span style="font-weight:400;">Supporting Documentation:</span></h2> <ul> <li style="font-weight:400;"><a href="https://snyk.io/blog/axios-npm-package-compromised-supply-chain-attack-delivers-cross-platform/"><span style="font-weight:400;">https://snyk.io/blog/axios-npm-package-compromised-supply-chain-attack-delivers-cross-platform/</span></a></li> <li style="font-weight:400;"><a href="https://www.mend.io/blog/poisoned-axios-npm-account-takeover-50-million-downloads-and-a-rat-that-vanishes-after-install/"><span style="font-weight:400;">https://www.mend.io/blog/poisoned-axios-npm-account-takeover-50-million-downloads-and-a-rat-that-vanishes-after-install/</span></a></li> </ul> <h2><span>Affected Versions</span></h2> <p><span>This article applies to all supported versions of Appian.</span></p> <p><span>Last reviewed:&nbsp;</span><span>April 1, 2026</span></p><div style="clear:both;"></div> https://community.appian.com/support/w/kb/3791/kb-2376-information-about-the-axios-supply-chain-compromise/revision/1Wed, 01 Apr 2026 20:31:01 GMTd3a83456-d57b-489c-a84c-4e8267bb592a:33a29212-f81a-4bc5-a233-f241e0302302Kaushal Patelhttps://community.appian.com/support/w/kb/3791/kb-2376-information-about-the-axios-supply-chain-compromise#commentsRevision 1 posted to Appian Knowledge Base by Kaushal Patel on 4/1/2026 8:31:01 PM<br /> <p><span style="font-weight:400;">On 31 March 2026,&nbsp; an Axios npm package that uses a JavaScript library to enable applications to make HTTP/S requests and is included as a dependency in millions of applications was compromised. Between ~00:21 and ~03:30 UTC, malicious versions (</span><b>axios@1.14.1 and axios@0.30.4</b><span style="font-weight:400;">) were published using a compromised maintainer account.</span></p> <p><span style="font-weight:400;">Appian has investigated this vulnerability and affected services, and determined that it is </span><b>not impacted</b><span style="font-weight:400;">, as no vulnerable versions of the packages are used in the Appian Cloud environment or any of Appian&rsquo;s products. We will continue to monitor the situation and provide any updates as appropriate.</span></p> <h2><span style="font-weight:400;"></span></h2> <h2><span style="font-weight:400;">Supporting Documentation:</span></h2> <ul> <li style="font-weight:400;"><a href="https://snyk.io/blog/axios-npm-package-compromised-supply-chain-attack-delivers-cross-platform/"><span style="font-weight:400;">https://snyk.io/blog/axios-npm-package-compromised-supply-chain-attack-delivers-cross-platform/</span></a></li> <li style="font-weight:400;"><a href="https://www.mend.io/blog/poisoned-axios-npm-account-takeover-50-million-downloads-and-a-rat-that-vanishes-after-install/"><span style="font-weight:400;">https://www.mend.io/blog/poisoned-axios-npm-account-takeover-50-million-downloads-and-a-rat-that-vanishes-after-install/</span></a></li> </ul> <h2><span>Affected Versions</span></h2> <p><span>This article applies to all supported versions of Appian.</span></p> <p><span>Last reviewed:&nbsp;</span><span>April 1, 2026</span></p><div style="clear:both;"></div>