Nx is the latest target of a software supply chain attack in the NPM ecosystem, with multiple malicious versions being uploaded to the NPM registry on Tuesday evening.
According to researchers at Wiz, those poisoned packages were laden with malware designed to siphon secrets from developers, such as GitHub and NPM tokens, SSH keys, and cryptocurrency wallet details.
Nx's security advisory, posted to GitHub, details the affected versions and states that successful credential harvesting then led to those credentials being posted to GitHub as new public-facing repos under the corresponding user accounts.
With a self-proclaimed 24 million NPM downloads per month, a successful supply chain attack on Nx, an open source codebase management platform, could in theory capture the details of