Compromised Nx Console
A compromised version of the Nx Console extension was briefly available on the Visual Studio Marketplace and OpenVSX. The malicious version, 18.95.0, was published for approximately 18 minutes before being removed. Users are advised to update to version 18.100.0 and take steps to secure their credentials if they installed the compromised version.
- ▪The compromised Nx Console version 18.95.0 was available for about 18 minutes on the Visual Studio Marketplace.
- ▪Users are urged to update to version 18.100.0 to mitigate potential security risks.
- ▪The attack vector involved a supply-chain compromise that leaked GitHub credentials, allowing unauthorized access to the repository.
Opening excerpt (first ~120 words) tap to expand
nrwl / nx-console Public Notifications You must be signed in to change notification settings Fork 243 Star 1.4k Code Issues 45 Pull requests 7 Discussions Actions Security and quality 1 Insights Additional navigation options Code Issues Pull requests Discussions Actions Security and quality Insights nx-console Security Advisories GHSA-c9j4-9m59-847w Compromised Nx Console version 18.95.0 Critical jaysoo published GHSA-c9j4-9m59-847w May 18, 2026 Package Nx Console (VSCode) Affected versions 18.95.0 Patched versions 18.100.0 Description Update (May 19 13:37 UTC): Updated the timeline of the compromised VSCode extension. Added information about OpenVSX.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at GitHub.