Entités

npm registry

Incidents implicated systems

Incident 12102 Rapports
Malicious Nx npm Packages Reportedly Weaponize AI Coding Agents for Data Exfiltration

2025-08-21

Malicious versions of the popular Nx monorepo tool and plugins were reportedly published to npm after attackers compromised its CI workflow. The malware's postinstall script reportedly harvested credentials and exfiltrated data, reportedly weaponizing local AI coding agents such as Claude Code, Gemini, and Amazon q. By invoking unsafe flags, it allegedly coerced the tools into scanning developer machines for sensitive files, marking one of the first known AI-assisted supply chain attacks.

Plus

Entity

Malicious actors compromising Nx’s CI/CD pipeline and publishing tainted npm packages

Plus
Entity

Anthropic

Plus
Entity

Google

Plus
Entity

Amazon

Plus
Entity

Nx users and organizations installing compromised npm packages

Plus
Entity

Nx (monorepo tool and plugins)

Plus
Entity

Claude Code CLI

Plus
Entity

Google Gemini CLI

Plus
Entity

Amazon q CLI

Plus
Entity

GitHub

Plus