GHSA-cxm3-wv7p-598c: Nx Build System Supply-Chain Compromise

On August 26, 2025, the popular Nx build system package was compromised in a sophisticated supply-chain attack. Malicious versions of Nx and related packages were published to npm, embedding malware that scanned developer environments for sensitive credentials and exfiltrated them.

This attack stands out not only because of its impact with thousands of developers who may have been exposed in just over five hours, but also because it represents the first known case where attackers weaponized AI CLI tools to aid in reconnaissance and exfiltration.

Overview

On August 26, 2025, attackers gained access to an npm publishing token for an Nx maintainer. They began releasing malicious versions of Nx and associated packages, including @nx/devkit, @nx/js, @nx/workspace, @nx/node, and others.

Within hours, compromised versions spread across both the 20.x and 21.x branches. Within hours, npm removed the malicious packages, but not before they had been downloaded and installed by unsuspecting developers.

The official advisory, GHSA-cxm3-wv7p-598c, confirms that a leaked npm token allowed attackers to hijack releases.

Affected Versions

Malicious versions published on August 26, 2025:

• nx: 20.9.0, 20.10.0, 20.11.0, 20.12.0, 21.5.0, 21.6.0, 21.7.0, 21.8.0
• @nx/devkit, @nx/js, @nx/workspace, @nx/node: versions 20.9.0, 21.5.0
• @nx/eslint: version 21.5.0
• @nx/key, @nx/enterprise-cloud: version 3.2.0

All were promptly deleted from npm once discovered.

Technical Breakdown

Attackers abused a compromised npm publishing token to push tampered packages.The packages included a malicious postinstall hook (via telemetry.js), targeting non-Windows systems. The malware performed:

• Filesystem scanning for SSH keys, npm tokens, .gitconfig, wallet files, and environment variables
• Abuse of AI CLI tools  including Claude, Gemini, and q – to aid in reconnaissance 
• Data exfiltration by creating a GitHub repo named s1ngularity-repository and uploading base64-encoded results

This is the first observed case of malware exploiting developer-facing AI assistants as attack tooling, setting a precedent for future supply-chain threats.

Odds of Exploitation

High for projects that auto-upgraded between Aug 26–27, 2025 (e.g., pipelines using semver ranges without pinning or installing latest during that period).

Moderate for pinned-dependency projects, though manual upgrades may still have introduced risk.

Low for installs after npm removed the versions, except where cached or mirrored artifacts persist.

Immediate Actions for Users

1. Check if compromised: Inspect your GitHub account for any repo named s1ngularity-repository. If found, download and then delete it.

2. Identify usage of compromised versions:

npm ls nx

3. Also audit package-lock.json or yarn.lock.

4. Rotate credentials if compromised:

• GitHub tokens
• npm tokens
• SSH keys, environment variables, wallet passwords

5. Clean and update:

npm uninstall nx && npm install nx@latest
npm cache clean --force

6. Search for artifacts: Remove any malicious shutdown commands in .bashrc or .zshrc.

How Upwind Helps Protect You

Upwind provides multiple layers of protection against incidents like this, including:

• eBPF-powered runtime detection can catch suspicious post-install hooks or unusual file scanning behavior as it happens. 
• Continuous vulnerability scanning ensures that workloads using impacted versions are quickly identified. 
• Active monitoring then tracks for abnormal file modifications or the sudden creation of GitHub repositories that could indicate exfiltration attempts. 
• Risk prioritization capabilities highlight suspicious startup file changes, exfiltration signals, or tampering so security teams can respond effectively

By combining runtime visibility with risk prioritization, Upwind helps security teams catch supply-chain anomalies before they cause damage.

Final Thoughts

The Nx compromise shows how quickly trust in developer tools can be weaponized. Although npm removed the malicious versions quickly, teams that auto-upgraded faced critical risk from stolen credentials and wallets. Remediation is simple: remove bad versions, clear caches, and rotate keys. The broader lesson is to pin dependencies, monitor runtime, and catch anomalies early.

Upwind customers are already protected through runtime monitoring and exfiltration detection. If you need help assessing or responding to this incident, contact us at [email protected]