Malicious code in @nx/js (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 3c2a892d723eab92005e851787f5a482f8d1a64259e6dda10ee1d097c0123a84 The nx project and associated plugins were compromised via a vulnerable GitHub workflow that allowed code injection and the theft of an NP...

@aws/nx-plugin (>=0.21.0 <=0.51.4), @caliobase/caliobase-nx (>=0.3.53 <=0.3.54) +67 more potentially affected by CVE-2025-10894 via @nx/js (>=21.0.0-beta.0 <=21.5.0-canary.20250904-2c678a1)

@nx/js NPM version =21.0.0-beta.0, =0.21.0, =0.3.53, =1.1.1, =2.1.1, =2.1.1, =2.1.1, =2.1.1, =0.0.1, =0.0.3, =0.0.1, =0.0.3, =0.0.3, =0.3.3 and more Source cves: CVE-2025-10894 Source advisory: OSV:MAL-2025-41439...

@aws/nx-plugin (>=0.21.0 <=0.51.4), @caliobase/caliobase-nx (>=0.3.53 <=0.3.54) +67 more potentially affected by CVE-2025-10894 via @nx/js (>=21.0.0-beta.0 <=21.5.0-canary.20250904-2c678a1)

@nx/js NPM version =21.0.0-beta.0, =0.21.0, =0.3.53, =1.1.1, =2.1.1, =2.1.1, =2.1.1, =2.1.1, =0.0.1, =0.0.3, =0.0.1, =0.0.3, =0.0.3, =0.3.3 and more Source cves: CVE-2025-10894 Source advisory: SNYK:JS-NXJS-12205638...