On March 31, 2026, two versions of the widely used axios npm library (1.14.1 and 0.30.4) were found to contain malicious code planted by a threat actor who compromised the maintainer's account. The affected versions were available on npm for approximately three hours (00:21–03:29 UTC) before being removed.
We investigated immediately and confirmed that Keboola's platform, infrastructure, and customer data were not affected.
Specifically:
No Keboola CI/CD pipelines referenced the malicious versions — all lockfiles were pinned to safe versions prior to the attack window.
No Docker images were built during the attack window, meaning no production containers could have pulled the compromised packages.
All Keboola developer machines were checked. No indicators of compromise were found on any machine.
No customer action is required. If you have questions, contact us at security@keboola.com.
AWS EU (eu-central-1) - Operational
GCP EU (europe-west3) - Operational
AWS US (us-east-1) - Operational
GCP US (us-east4) - Operational
Azure NE (north-europe) - Operational

