malware npm

@nx/js

discovered 2025-08-27

@nx/js is identified in the SafeDep analysis "nx Build System Compromised Targeting Linux and MacOS developers". The popular npm package `nx` was compromised, targeting Linux and macOS developers. Malicious versions included a postinstall script that stole credentials, exfiltrated sensitive files, and added destructive commands to shell configs, causing system shutdowns and data leaks.

more…

Threat types

credential_stealer data_exfiltration wiper

Malicious versions

20.9.0

Campaigns

s1ngularity nx Build System Compromiseattributed-to

Techniques

ttp T1195.001 Supply Chain Compromise: Compromise Software Dependencies and Development Toolsuses
ttp T1059.007 Command and Scripting Interpreter: JavaScriptuses
ttp T1552.001 Unsecured Credentials: Credentials In Filesuses
ttp T1041 Exfiltration Over C2 Channeluses
ttp T1552.004 Unsecured Credentials: Private Keysuses
ttp T1528 Steal Application Access Tokenuses
ttp T1071.001 Application Layer Protocol: Web Protocolsuses
ttp T1102 Web Serviceuses
ttp T1546 Event Triggered Executionuses
ttp T1485 Data Destructionuses

Read the full analysis →