The maintainers of the nx build system have alerted users to a supply chain attack that allowed attackers to publish malicious versions of the popular npm package and other auxiliary plugins with data-gathering capabilities.
"Malicious versions of the nx package, as well as some supporting plugin packages, were published to npm, containing code that scans the file system, collects credentials,



Source: TheHackerNews
Source Link: https://thehackernews.com/2025/08/malicious-nx-packages-in-s1ngularity.html