The maintainers of the nx build system have alerted users to a supply chain attack that allowed attackers to publish malicious versions of the popular npm package and other auxiliary plugins with data-gathering capabilities.

"Malicious versions of the nx package, as well as some supporting plugin packages, were published to npm, containing code that scans the file system, collects credentials, and posts them to GitHub as a repo under the user's accounts," the maintainers said in an advisory published Wednesday.

Nx is an open-source, technology-agnostic build platform that's designed to manage codebases. It's advertised as an "AI-first build platform that connects everything from your editor to CI [continuous integration]." The npm package has over 3.5 million weekly downloads.

The lis

See Full Page