Archer Special Advisory: Axios NPM Supply Chain Compromise
Special advisories relate to CVEs and security events with broad industry interest even when we know our products and platforms are not affected.
Applies To
Axios NPM Supply Chain Compromise info published by Step Security: axios Compromised on npm - Malicious Versions Drop Remote Access Trojan - StepSecurity.
Details
Archer is aware of the Axios NPM Supply Chain Compromise that impacted their packages. The attack was announced on March 31, 2026.
Archer does leverage some of the libraries in question within various products, but not the affected versions.
Archer continues to monitor the situation.
Legal Information
Read and use the information in this Archer Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this advisory, contact Archer Technical Support. Archer distributes Archer Security Advisories in order to bring to the attention of users of the affected Archer products important security information.
Originally posted on April 13, 2026 in the Archer Community.
Comments
0 comments
Please sign in to leave a comment.