Nx Console and the Compromise of 3,800 GitHub Repositories

The Pitch

Nx Console is the official UI for the Nx build system, designed to help 2.2 million developers manage complex monorepos and build pipelines. While it carries a "Verified Publisher" badge on the VS Code Marketplace, this status failed to prevent a catastrophic supply chain attack this month. It is currently the focal point of a major security post-mortem involving stolen source code from GitHub's own internal infrastructure (UsedBy Dossier).

Under the Hood

On May 18, 2026, version 18.95.0 of the Nx Console extension was pushed to the VS Code Marketplace containing a malicious payload. A compromised maintainer account allowed threat group TeamPCP to bypass standard checks, harvesting developer secrets including 1Password vaults and AWS credentials (CyberScoop). The malicious version was live for only 18 minutes but secured over 6,000 installs before its removal (The Hacker News).

The attack specifically targeted the local configurations of Claude 4.5 and Claude 4 Sonnet agents. By exfiltrating ~/.claude/settings.json, the attackers gained access to active session tokens and agentic workflows used by high-level engineers (CyberScoop). This vector enabled the subsequent breach of roughly 3,800 internal GitHub repositories, which are now being offered for sale on cybercrime forums for $50,000 (Varonis Threat Labs / VentureBeat).

The technical failure lies in the VS Code extension architecture, where third-party tools run with the same privileges as the user. Despite the recent v1.120 update adding limited "Agent Sandbox" controls, general extensions still have unrestricted access to sensitive directories like .ssh and .aws (GitHub Issue #52116). The "Verified" badge only confirms identity, not the security of individual code commits or the integrity of the update pipeline (Aikido Security).

We do not know the identity of a second poisoned extension mentioned in GitHub's early reports, nor have we seen a full disclosure of the customer data impacted within those 3,800 exfiltrated repositories (VentureBeat). The Nx compromise has also been linked back to a previous breach of the TanStack library, suggesting a wider domino effect across the JS ecosystem (The Hacker News).

Marcus's Take

The "Verified" badge on the marketplace has become a liability, offering a thin veneer of trust that developers should no longer accept. If your engineering team is using Nx Console, you have effectively handed over the keys to your entire Claude 4.5 agent infrastructure to a third-party maintainer's 2FA settings. I recommend a total moratorium on third-party VS Code extensions that lack a strict, OS-level sandbox. It is rather like hiring a stranger to clean your house and being surprised when they look in the top drawer. Skip it until the permissions model is rebuilt.

Ship clean code,
Marcus.