Urgent: Malicious nx Build Kit Steals GitHub Keys

2025-08-27

A malicious post-install command has been discovered in the popular nx build kit. It creates a repository prefixed with 's1ngularity-repository' on affected users' GitHub accounts. The malware steals wallets, API keys, and environment variables, storing them in a base64-encoded file. Cleverly, it leverages LLMs like Claude Code CLI or Gemini CLI to offload much of its fingerprintable code to a prompt, making detection harder. Impacted versions of nx have been removed from npm. Users should immediately check their GitHub accounts, update nx to the latest safe version, and rotate any compromised secrets.
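
One way to run the GitHub account check described above, as an added example (not code from nx, npm or GitHub): it lists the repositories owned by a token's account through GitHub's REST API and flags names that start with the 's1ngularity-repository' prefix. The `GITHUB_TOKEN` variable, the function names and the sample records are assumptions made for this example.

```python
import json
import os
import urllib.request

# Repository-name prefix reported in the advisory above.
INDICATOR_PREFIX = "s1ngularity-repository"

# Constructed sample records shaped like GET /user/repos items (not real data).
SAMPLE_REPOS = [
    {"name": "nx-demo", "full_name": "example-user/nx-demo",
     "private": False, "created_at": "2025-06-01T10:00:00Z"},
    {"name": "s1ngularity-repository-1", "full_name": "example-user/s1ngularity-repository-1",
     "private": False, "created_at": "2025-08-27T01:05:00Z"},
    {"name": "S1ngularity-Repository", "full_name": "example-user/S1ngularity-Repository",
     "private": True, "created_at": "2025-08-26T23:40:00Z"},
    {"name": "notes-s1ngularity-repository", "full_name": "example-user/notes-s1ngularity-repository",
     "private": True, "created_at": "2025-08-28T09:00:00Z"},
]

def flag_repos(repos, prefix=INDICATOR_PREFIX):
    """Return repos whose name starts with the prefix (any letter case), oldest first."""
    hits = [r for r in repos
            if str(r.get("name", "")).lower().startswith(prefix.lower())]
    return sorted(hits, key=lambda r: r.get("created_at") or "")

def fetch_owned_repos(token, api="https://api.github.com"):
    """Page through GET /user/repos for the account that owns the token."""
    repos, page = [], 1
    while True:
        req = urllib.request.Request(
            f"{api}/user/repos?affiliation=owner&per_page=100&page={page}",
            headers={"Authorization": f"Bearer {token}",
                     "Accept": "application/vnd.github+json"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            batch = json.load(resp)
        if not batch:  # an empty page means the listing is complete
            return repos
        repos.extend(batch)
        page += 1

if __name__ == "__main__":
    token = os.environ.get("GITHUB_TOKEN")  # assumed variable name
    repos = fetch_owned_repos(token) if token else SAMPLE_REPOS
    hits = flag_repos(repos)
    for r in hits:
        vis = "private" if r.get("private") else "public"
        print(f"FOUND {r['full_name']} ({vis}, created {r.get('created_at')})")
    if not hits:
        print(f"No repository names start with {INDICATOR_PREFIX!r}")
```

Without a token the script runs against the constructed sample; listing private repositories requires a token that is allowed to read them.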