Malicious Nx Packages in ‘s1ngularity’ Attack Expose 2,349 GitHub, Cloud, and AI Credentials

The maintainers of the Nx build system have issued a warning regarding a supply chain attack that enabled attackers to publish malicious versions of the widely used npm package and its auxiliary plugins. These compromised versions contained code designed to scan users’ file systems, collect sensitive credentials, and post this information to GitHub as repositories under the users’ accounts. Nx, an open-source and technology-agnostic build platform, is marketed as an “AI-first build platform” that integrates various tools from code editors to Continuous Integration (CI) systems. The npm package boasts over 3.5 million weekly downloads. The affected versions, which have since been removed from the npm registry, include several releases from August 26, 2025.

The root cause of the issue was a vulnerable workflow that allowed executable code to be injected through specially crafted pull request titles. The Nx team explained that the pull_request_target trigger was used to run actions whenever a pull request was created or modified. This trigger, however, runs workflows with elevated permissions, including a GITHUB_TOKEN with read/write access to the repository. Code injected through the title therefore ran with that GITHUB_TOKEN and could trigger the “publish.yml” workflow responsible for publishing Nx packages. Through it, malicious changes were introduced that exfiltrated the npm token to an attacker-controlled endpoint. The rogue package versions included a postinstall script that ran on installation, scanning the system for text files, collecting credentials, and transmitting the data as a Base64-encoded string to a publicly accessible location.
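The defensive check that follows this is an added example, not code from the Nx project or from the original article: a small scanner for the workflow pattern the article describes, a `pull_request_target` workflow that expands an attacker-controlled pull request field (title, body, branch name) directly inside a `run:` step. The two workflow files are constructed for illustration; the vulnerable one interpolates the title into the shell line, the hardened one passes it through an `env:` variable so the shell only ever sees it as data. The scanner is regex and indentation based rather than a full YAML parser, so it needs no third-party library.

```python
"""Flag pull_request_target workflows that expand untrusted PR fields inside run: steps."""
import re

# github.event fields that a pull request author controls (assumed list, not exhaustive).
UNTRUSTED_FIELDS = re.compile(
    r"\$\{\{\s*github\.event\.(?:pull_request\.(?:title|body|head\.ref|head\.label)"
    r"|issue\.(?:title|body)|comment\.body)\s*\}\}"
)


def find_run_injections(workflow_text):
    """Return (line_number, expression) pairs for untrusted fields expanded in run: steps.

    Only workflows using pull_request_target are reported: those run with a
    read/write GITHUB_TOKEN and repository secrets, which is what makes the
    injection dangerous. Lower-privilege pull_request workflows are out of scope here.
    """
    if not re.search(r"\bpull_request_target\b", workflow_text):
        return []
    findings = []
    in_run, run_indent = False, 0
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        stripped = line.lstrip()
        indent = len(line) - len(stripped)
        m = re.match(r"(?:-\s+)?run:\s*(.*)", stripped)
        if m:
            body = m.group(1).strip()
            if body in ("|", ">", "|-", ">-"):
                # Block scalar: the script continues on more-indented lines below.
                in_run, run_indent = True, indent
                continue
            in_run = False  # single-line run: check just this line
            findings += [(lineno, e.group(0)) for e in UNTRUSTED_FIELDS.finditer(body)]
            continue
        if in_run:
            if stripped and indent <= run_indent:
                in_run = False  # back to the step's own keys; script block ended
            else:
                findings += [(lineno, e.group(0)) for e in UNTRUSTED_FIELDS.finditer(line)]
    return findings


# Constructed sample: the title lands inside the shell script, so a crafted title
# such as one containing a closing quote followed by a command runs with the token.
VULNERABLE_WORKFLOW = """\
name: pr-title-check
on:
  pull_request_target:
    types: [opened, edited]
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - name: Validate title
        run: |
          title="${{ github.event.pull_request.title }}"
          echo "$title" | grep -E '^(feat|fix|docs)'
"""

# Constructed sample: same check, but the title reaches the shell only as an
# environment variable, which the shell never re-parses as code.
HARDENED_WORKFLOW = """\
name: pr-title-check
on:
  pull_request_target:
    types: [opened, edited]
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - name: Validate title
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: |
          echo "$PR_TITLE" | grep -E '^(feat|fix|docs)'
"""

if __name__ == "__main__":
    for label, text in (("vulnerable", VULNERABLE_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        print(label, find_run_injections(text))
```

Pointing the scanner at every file under `.github/workflows/` and failing CI on any finding is the practical use; the `env:` rewrite is the standard fix, and restricting `pull_request_target` workflows to `permissions: read-all` limits what a successful injection can do with the token.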

Categories: Supply Chain Attack, Malicious Software, Vulnerability Exploitation

Tags: Nx, Supply Chain Attack, npm Package, Malicious Versions, Credentials, GitHub, Elevated Permissions, Pull Request, Workflow, Code Injection
