GHSA-cxm3-wv7p-598c: Malicious versions of Nx were published

August 27, 2025

Malicious versions of the nx package, as well as some supporting plugin packages, were published to npm, containing code that scans the file system, collects credentials, and posts them to GitHub as a repo under user’s accounts.

References

github.com/advisories/GHSA-cxm3-wv7p-598c
github.com/nrwl/nx
github.com/nrwl/nx/issues/32522
github.com/nrwl/nx/issues/32523
github.com/nrwl/nx/security/advisories/GHSA-cxm3-wv7p-598c

Code Behaviors & Features

Detect and mitigate GHSA-cxm3-wv7p-598c with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →