SkillTotal

Is axios safe?

No malicious indicators - review capabilities before installing
Notable — review in context (capabilities are not malware):
  • Node.js shell/command execution
  • Node.js network egress
  • npm prepare hook

axios is an npm package analyzed by SkillTotal's deterministic static scanner. The scan found no malicious indicators, though 4 risky constructs are reported for review. Its reported capabilities are install-time execution, network egress and shell execution; capabilities describe what the code can do, not a verdict on intent. Risk score 10/100 (low).

axios 1.18.1

npm_package · npm:axios
Risk score: 10 / 100 (LOW)
Snapshot · scanned Jul 5, 2026 · axios@1.18.1 · engine 0.30.0 / ruleset 28

Automated static-analysis result. It can contain false positives and false negatives, and is not a claim about the intent of axios's authors.

Capabilities — what this component can do (not a risk score):
  • install-time execution
  • network egress
  • shell execution

Findings (4)

HIGH · Node.js shell/command execution · ST-SHELL-NODE

The component can run operating-system commands or spawn processes.

while ((match = tokensRE.exec(str))) {
return parser.exec(value);
while ((match = pattern.exec(name)) !== null) {
const match = DATA_URL_PATTERN.exec(uri);
const match = /^([-+\w]{1,25}):(?:\/\/)?/.exec(url);
while ((matches = regExp.exec(str)) !== null) {

Why it matters: Powerful and often legitimate — confirm the commands aren't built from untrusted input. Note that every evidence line quoted above calls exec on a regular-expression object (RegExp.prototype.exec), not child_process.exec, so confirm which exec is actually being invoked before treating this finding as process spawning.

Fix: Confirm the command and its arguments are fully controlled and not derived from untrusted input; prefer execFile with an argument array.

MEDIUM · Server bound to all network interfaces · ST-EXPOSE-BIND

A server is bound to all network interfaces (0.0.0.0), not just your own machine.

const LOOPBACK_HOSTNAMES = new Set(['localhost', '0.0.0.0']);

Why it matters: Without authentication, other hosts on the network can reach it. Note that the quoted evidence is a Set of hostnames the code treats as loopback, not a listen() or bind call; verify whether any server in the package actually binds to 0.0.0.0 before acting on this finding.

Fix: Bind to 127.0.0.1 for local-only use, or require authentication and restrict access if remote exposure is intended.

MEDIUM · npm prepare hook · ST-INSTALL-NPM-PREPARE

package.json has a 'prepare' script (runs on git/local installs and before publishing).

"prepare": "husky"

Why it matters: Usually a build step, but confirm it doesn't fetch or run remote code. The quoted script runs husky, which installs git hooks for contributors; npm runs prepare on a local or git-sourced install, not when installing the published tarball from the registry.

Fix: Usually a legitimate build step; confirm it only builds and does not fetch or execute remote code.

MEDIUM · Node.js network egress · ST-NET-NODE

The component makes outbound network requests.

declare const axios: AxiosStatic;
export default axios;
import axios from './lib/axios.js';
axios as default,
headers.set('User-Agent', 'axios/' + VERSION, false);
const kAxiosSocketListener = Symbol('axios.http.socketListener');
const kAxiosCurrentReq = Symbol('axios.http.currentReq');
const kAxiosInstalledTunnel = Symbol('axios.http.installedTunnel');
// the exact same logic as if the redirected request was performed by axios directly.
// See https://github.com/axios/axios/issues/69
headers.set('User-Agent', 'axios/' + VERSION, false);
tag: `axios-${VERSION}-boundary`,
// directly by Node's http.request (e.g. insecureHTTPParser, lookup).
// Copy axios.prototype to instance
const axios = createInstance(defaults);
axios.Axios = Axios;
axios.CanceledError = CanceledError;
axios.CancelToken = CancelToken;
axios.isCancel = isCancel;
axios.VERSION = VERSION;
axios.toFormData = toFormData;
axios.AxiosError = AxiosError;
axios.Cancel = axios.CanceledError;
axios.all = function all(promises) {

Why it matters: Usually legitimate, but confirm the destinations are expected and no sensitive data leaves.

Fix: Confirm the destination hosts are expected and that no sensitive data is sent off-host.


How we determine this: deterministic static analysis (regex + AST), evidence-anchored, no code execution.