CVE-2026-34841 - @usebruno/cli axios supply-chain RAT

@usebruno/cli was exposed to a compromised axios npm dependency during the 2026-03-31 axios supply-chain incident. The advisory states that malicious axios releases introduced a hidden dependency that deployed a cross-platform Remote Access Trojan. The highest-risk targets are CI runners, developer workstations, API-testing automation, and container builds that installed Bruno CLI while npm could resolve the compromised axios versions.

This is not a normal dependency bump. A reviewer-ready fix needs a clean upgrade to Bruno CLI 3.2.1+, removal of compromised axios resolutions, repository-controlled cache and artifact purge, and credential rotation for secrets reachable from affected install environments.

When to use it

  • A repository installs, pins, caches, mirrors, images, or runs @usebruno/cli, Bruno API-test automation, or Bruno-related package graphs.
  • Lockfiles, SBOMs, Docker layers, CI caches, package mirrors, or generated reports may preserve axios@1.14.1, axios@0.30.4, or plain-crypto-js.
  • Dependency installs ran during or after the 2026-03-31 exposure window with API-test, npm, GitHub, cloud, SSH, Vault, Kubernetes, or deployment secrets reachable.
  • You need a bounded PR or triage note that cleans the graph and names cache purge plus credential rotation actions.

Inputs

  • Package manifests, lockfiles, Dockerfiles, devcontainers, API-test runners, CI workflows/caches, package mirrors, SBOMs, generated reports, build logs, and release artifacts.
  • Bruno CLI and axios versions, package-manager cache boundaries, mirror ownership, install timestamps, lifecycle-script policy, adjacent secret names, and credential rotation owners.
  • Available clean install, lockfile integrity, dependency guard, workflow lint, build, image build, SBOM, and dependency/security scan commands.

Affected versions

Package Ecosystem Affected versions Fixed version
@usebruno/cli npm < 3.2.0 3.2.1+
axios npm transitive 1.14.1, 0.30.4 remove and resolve to a clean version

The exposure window called out by the advisory is 2026-03-31 00:21 UTC to approximately 2026-03-31 03:30 UTC for users who ran npm install for @usebruno/cli. Treat controlled caches, lockfiles, image layers, and build artifacts as suspect if they can preserve axios@1.14.1, axios@0.30.4, or the malicious hidden dependency.

Indicator-of-exposure

  • A manifest, lockfile, SBOM, generated dependency report, Docker layer, package mirror, CI cache, or build log references @usebruno/cli, axios@1.14.1, axios@0.30.4, or plain-crypto-js.
  • CI, developer bootstrap, API-test automation, devcontainer setup, container builds, or release packaging ran npm install, npm ci, pnpm install, or yarn install during or after the 2026-03-31 exposure window while the compromised packages could be resolved.
  • Install jobs had access to npm tokens, GitHub tokens, API collection secrets, environment files, cloud credentials, SSH keys, package-registry credentials, Kubernetes tokens, Vault tokens, or deployment secrets.
  • Internal package mirrors, pull-through caches, offline artifact stores, reusable CI workspaces, or base images may have retained the malicious axios tarball after upstream removal.
  • A repository is the Bruno source tree or a fork and still allows ranged axios resolution for CLI-related packages instead of exact known-good pins and an override.

Quick checks:

rg -n "@usebruno/cli|usebruno|bruno|axios|plain-crypto-js|1\\.14\\.1|0\\.30\\.4|3\\.2\\.1|postinstall|minimum-release-age|NPM_TOKEN|GITHUB_TOKEN|actions/cache|restore-keys" package*.json package-lock.json pnpm-lock.yaml yarn.lock npm-shrinkwrap.json .npmrc Dockerfile* .github .devcontainer scripts .
npm ls @usebruno/cli axios plain-crypto-js
pnpm why @usebruno/cli axios plain-crypto-js
yarn why @usebruno/cli axios plain-crypto-js

Windows:

rg -n "@usebruno/cli|usebruno|bruno|axios|plain-crypto-js|1\.14\.1|0\.30\.4|3\.2\.1|postinstall|minimum-release-age|NPM_TOKEN|GITHUB_TOKEN|actions/cache|restore-keys" package*.json package-lock.json pnpm-lock.yaml yarn.lock npm-shrinkwrap.json .npmrc Dockerfile* .github .devcontainer scripts .
npm ls @usebruno/cli axios plain-crypto-js
pnpm why @usebruno/cli axios plain-crypto-js
yarn why @usebruno/cli axios plain-crypto-js

Do not install, execute, import, unpack in-place, or preserve a suspected malicious tarball in a secret-bearing environment. Use a disposable offline forensics workspace if incident responders require package inspection.

Remediation strategy

  • Upgrade every controlled @usebruno/cli reference to 3.2.1+ and regenerate lockfiles from a clean dependency graph.
  • Remove axios@1.14.1, axios@0.30.4, plain-crypto-js, stale package tarballs, generated dependency reports, SBOM entries, Docker layers, and release artifacts that can preserve the compromised graph.
  • If maintaining Bruno itself or a fork, pin axios to an exact known-good version across CLI-related workspaces and enforce the same resolution with a root override. Verify any minimum-release-age control is supported by the package manager actually used in CI.
  • Invoke the artifact cache quarantine workflow for internal mirrors, pull-through caches, reusable CI workspaces, and base images that may have fetched the compromised axios versions.
  • Rotate credentials reachable from affected install environments: npm, GitHub, cloud, API-test secrets, .env files, SSH, Kubernetes, Vault, package-registry, deployment, and local developer credentials.
  • Reduce recurrence risk by minimizing secrets during dependency install, disabling lifecycle scripts unless explicitly required, using deterministic lockfile installs, segregating caches by trust boundary, and reviewing lockfile resolved, integrity, source, and lifecycle-script changes.

The prompt

Model context: this prompt was generated by GPT 5.5 Extra High reasoning.

You are remediating CVE-2026-34841 / GHSA-658g-p7jg-wx5g, the
`@usebruno/cli` exposure to compromised axios npm releases that could install a
cross-platform RAT. Produce exactly one output:

- A reviewer-ready PR/change request that upgrades Bruno CLI, removes
  compromised axios resolutions, purges repository-controlled caches and
  generated artifacts, adds safe supply-chain guardrails, and documents
  credential-rotation/operator actions, or
- TRIAGE.md if this repository does not own an affected Bruno CLI dependency
  graph, API-test automation path, package cache, image, mirror, or install
  workflow.

## Rules

- Scope only CVE-2026-34841 / GHSA-658g-p7jg-wx5g and directly related
  `@usebruno/cli`, axios, package-cache, generated-artifact, CI, image, and
  credential exposure cleanup.
- Treat npm tokens, GitHub tokens, API collection secrets, `.env` files, cloud
  credentials, SSH keys, Kubernetes service-account tokens, Vault tokens,
  package-registry credentials, deployment secrets, and local developer
  credentials as sensitive.
- Do not install, execute, import, unpack in-place, sandbox-run, or preserve
  `axios@1.14.1`, `axios@0.30.4`, `plain-crypto-js`, or any suspected
  malicious tarball during remediation.
- Do not print secrets, package payloads, `.env` files, CI secret values,
  suspicious endpoints, or broad home-directory file listings in PR output.
- Do not delete shared forensic artifacts automatically; quarantine or document
  operator action.
- Do not auto-merge.

## Steps

1. Inventory every npm package manifest, lockfile, workspace, vendored module,
   Dockerfile, image build context, devcontainer, API-test runner, SBOM,
   generated dependency report, package mirror, CI cache, and release workflow
   controlled by this repository.
2. Search for `@usebruno/cli`, `usebruno`, `bruno`, `axios`,
   `plain-crypto-js`, exact versions `1.14.1` and `0.30.4`, Bruno CLI
   version `3.2.1`, npm registry URLs, package-manager cache keys,
   `minimum-release-age`, and build logs showing dependency installation near
   `2026-03-31 00:21 UTC` through `2026-03-31 03:30 UTC`.
3. Determine every resolved Bruno CLI and axios version. A target is exposed if
   it resolves `@usebruno/cli <3.2.1`, preserves `axios@1.14.1` or
   `axios@0.30.4`, references `plain-crypto-js`, or ran dependency install
   during the exposure window from a registry or mirror that could serve the
   compromised packages.
4. If no affected dependency graph, install workflow, cache, mirror, image, or
   generated artifact is controlled by this repository, stop with `TRIAGE.md`
   listing checked paths and the external owner if another platform supplies
   Bruno CLI or package caches.
5. Upgrade every controlled `@usebruno/cli` reference to `3.2.1+`. Regenerate
   lockfiles from a clean environment with lifecycle scripts disabled unless
   the repository explicitly requires them.
6. If this is the Bruno source tree or a fork, pin axios to an exact known-good
   version across CLI-related workspaces, add a root override for the same
   version, regenerate the lockfile, and verify any package-manager
   delayed-release policy is actually enforced.
7. Purge repository-controlled caches and artifacts that may retain or have
   executed the compromised packages: `node_modules`, npm/pnpm/Yarn stores,
   CI workspaces, Actions caches, Docker layers, package mirrors, API-test
   reports, SBOMs, generated dependency reports, and deploy bundles.
8. For shared package mirrors, proxy registries, base images, or developer
   workstations outside repository control, write explicit operator actions
   naming `axios@1.14.1`, `axios@0.30.4`, `plain-crypto-js`, and the required
   quarantine or rebuild owner.
9. Draft the credential-rotation packet for every exposed install/build
   environment. Include npm, GitHub, cloud, API-test, SSH, Kubernetes, Vault,
   package-registry, deployment, `.env`, and local developer credentials
   reachable by the install process.
10. Add guardrails where this repository owns them:
    - dependency guard rejects `@usebruno/cli <3.2.1`;
    - dependency guard rejects `axios@1.14.1`, `axios@0.30.4`, and
      `plain-crypto-js`;
    - CI install jobs run with minimal secrets and deterministic lockfile
      installs;
    - lifecycle scripts are disabled unless required and documented;
    - cache keys are segregated by trust boundary;
    - lockfile review flags `resolved`, `integrity`, source URL, dependency,
      and lifecycle-script changes.
11. Add a PR body section named `CVE-2026-34841 operator actions` that states:
    - whether `@usebruno/cli`, compromised axios versions, or
      `plain-crypto-js` were found;
    - which manifests, locks, images, caches, mirrors, and artifacts were
      cleaned;
    - whether any install occurred during or after the 2026-03-31 exposure
      window;
    - which credentials require rotation and who owns it;
    - which package mirrors, base images, or developer caches need quarantine;
    - which validation commands passed.
12. Run available validation: clean package install, lockfile integrity,
    dependency guard tests, CI workflow lint, unit tests, build, SBOM refresh,
    image build, and dependency/security scans.
13. Use PR title:
    `fix(sec): remediate CVE-2026-34841 in Bruno CLI`.

## Stop conditions

- No controlled manifest, lockfile, image, generated artifact, CI cache,
  package mirror, or install workflow can contain affected Bruno CLI or
  compromised axios packages.
- The only exposure is an externally owned developer machine, build
  environment, or package mirror; write `TRIAGE.md` naming the owner, evidence,
  required cache purge, and rotation due date.
- Safe verification would require executing the compromised package, contacting
  suspicious infrastructure, dumping broad home directories, or exposing
  secrets.
- Credential rotation is required but cannot be performed from this repository;
  document the rotation packet and stop short of claiming full remediation.
- Validation fails for unrelated pre-existing reasons; document those failures
  instead of broadening scope.

Verification - what the reviewer looks for

  • No controlled manifest, lockfile, SBOM, image, generated report, cache policy, or registry mirror references @usebruno/cli <3.2.1, axios@1.14.1, axios@0.30.4, or plain-crypto-js.
  • Lockfiles and generated artifacts are rebuilt from a clean dependency graph resolving Bruno CLI 3.2.1+.
  • The PR does not install or execute compromised packages while validating.
  • Cache purge and credential-rotation actions are specific to the environments that could have installed the compromised packages.
  • Supply-chain guardrails reduce recurrence risk without breaking legitimate API-test automation or Bruno CLI workflows.

Output contract

  • Reviewer-ready PR upgrading @usebruno/cli to 3.2.1+ and removing compromised axios/plain-crypto-js resolutions from manifests, locks, SBOMs, reports, images, and generated artifacts.
  • Cache/mirror/artifact purge plan for repository-controlled CI workspaces, package stores, Docker layers, base images, API-test reports, and mirrors that could retain compromised packages.
  • Credential-rotation packet for every affected install environment by secret class and owner, without printing values or suspicious payloads.
  • TRIAGE.md when package caches, mirrors, developer machines, or credential rotation are owned outside this repository.

Watch for

  • Treating this as a simple Bruno CLI version bump while leaving CI caches, package mirrors, Docker layers, or generated artifacts untouched.
  • Regenerating lockfiles on a runner or workstation that may still hold the compromised packages in its package-manager store.
  • Assuming Bruno desktop app exposure is the same as Bruno CLI npm install exposure; the advisory distinguishes the CLI path.
  • Adding minimum-release-age without verifying the package-manager version supports and enforces it.
  • Rotating npm or GitHub tokens but missing API-test, cloud, SSH, Vault, Kubernetes, package-registry, deployment, or local developer credentials.
  • Running package lifecycle scripts during investigation.

References