THREATPKG
Supply-chain threat intelligence

Incident detail

critical · npm · maintainer compromise · osv

Malicious code in @nx/devkit (npm)

@nx/devkit

Risk score

92

AI summary

Indexed incident for @nx/devkit (npm).

Description

The nx project and associated plugins were compromised via a vulnerable
GitHub workflow that allowed code injection and the theft of an NPM token.

Technical details

Indicators

  • Advisory IDs: 90%
  • affected version: 75%
  • affected version: 75%

Timeline

  1. Advisory published
  2. Indexed by ThreatPkg