Malicious code in @nx/workspace (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security de4f725d7676817771f8e239509ac7b8d148e2c69e16a7c8129d87e88f992988 The nx project and associated plugins were compromised via a vulnerable GitHub workflow that allowed code injection and the theft of an NP...

MAL-2025-41442 Malicious code in @nx/workspace (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security de4f725d7676817771f8e239509ac7b8d148e2c69e16a7c8129d87e88f992988 The nx project and associated plugins were compromised via a vulnerable GitHub workflow that allowed code injection and the theft of an NP...

@10xsai/cloudflare-router-nx-plugin (=1.0.0), @akanjs/config (>=0.0.4 <=0.0.34) +177 more potentially affected by CVE-2025-10894 via @nx/workspace (>=20.0.0-beta.0 <=20.9.0-canary.20250415-bc685ce)

@nx/workspace NPM version =20.0.0-beta.0, =0.0.4, =0.0.47, =0.0.1, =0.0.2, =0.0.4, =0.0.9, =0.0.0, =1.0.0, =1.0.0, =0.5.0, =0.4.1, =0.4.6 and more Source cves: CVE-2025-10894 Source advisory: SNYK:JS-NXWORKSPACE-12205641...

@aws/nx-plugin (>=0.21.0 <=0.51.4), @caliobase/caliobase-nx (>=0.3.53 <=0.3.61) +69 more potentially affected by CVE-2025-10894 via @nx/workspace (>=21.0.0-beta.0 <=21.5.0-canary.20250904-2c678a1)

@nx/workspace NPM version =21.0.0-beta.0, =0.21.0, =0.3.53, =1.1.1, =2.1.1, =2.1.1, =2.1.1, =2.1.1, =0.0.1, =0.0.3, =0.0.1, =0.0.3, =0.0.3, =0.3.3 and more Source cves: CVE-2025-10894 Source advisory: SNYK:JS-NXWORKSPACE-12205641...

Embeded Malicious Code

Overview @nx/workspace is an AI-first build platform that connects everything from your editor to CI. Helping you deliver fast, without breaking things. Affected versions of this package are vulnerable to Embeded Malicious Code through a malicious postinstall script that triggers a file named...