Nx Console in check: how a productivity extension became a credential thief and a supply-chain threat

Published · 5 min read

An attack aimed at developers has once again exposed the fragility of the software supply chain: the Nx Console extension for editors such as Visual Studio Code, with more than 2.2 million installs, shipped a compromised version (nrwl.angular-console v18.95.0) that, on opening any workspace, downloaded and executed an obfuscated payload hosted in an orphan commit inside the official project's repository. The vector combines manipulation of the repository with local persistence to turn a productivity tool into a secret stealer.

According to public analysis, the payload is a multi-stage credential-theft and supply-chain-poisoning toolkit: it installs the Bun runtime to execute obfuscated JavaScript, skips environments in Russian/CIS time zones, runs in the background and extracts secrets from local managers such as 1Password, from Anthropic Claude Code configurations, and from npm tokens, GitHub keys and tokens, and AWS credentials. A macOS backdoor was also reported that uses the GitHub search API as a "dead drop" channel to receive commands, with exfiltration over HTTPS, the GitHub API and DNS tunneling.

What raises the risk to a new level is the integration with Sigstore and the ability to generate SLSA provenance and Fulcio certificates, combined with stolen npm OIDC tokens: an attacker who controls these elements can publish packages with valid signatures and attestations that look like verified builds, eroding one of the few cryptographic mechanisms designed to restore trust in binary artifacts. This technique turns stolen credentials into a lever for poisoning dependent ecosystems.

The maintainers attribute the root cause to compromised credentials belonging to one of their developers, which allowed an orphan commit to be pushed to the affected repository. The window in which the malicious version could be installed was short but sufficient: between 14:36 and 14:47 CEST on May 18, 2026, according to the notice. Open VSX, the open distribution alternative, was not affected, which underlines how a single compromised channel is enough to reach millions of users.

The published indicators of compromise include on-disk artifacts such as ~/.local/share/kitty/cat.py, ~/Library/LaunchAgents/com.user.kitty-monitor, /var/tmp/.gh_update_state and /tmp/kitty-*, as well as running processes associated with a python interpreter executing cat.py or processes carrying __DAEMONIZED=1 in their environment. If you find any of these traces, act immediately: stop the suspicious processes, remove the listed files and rotate every credential that could have been exposed from the compromised machine.

Beyond the urgent actions at workstation level, there are essential supply-chain defence measures: update the extension to the fixed version (18.100.0 or later); revoke and reissue tokens and keys (not only on the local machine but also on CI/CD systems, repositories and cloud services); audit pipelines for artifacts published during the exposure window; and verify the integrity of any npm package published with recent certificates or attestations. It is also worth checking network logs for DNS tunneling patterns and unusual calls to external APIs.
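A defender's sweep for the indicators and the version check above, written here as an added example rather than code from the Nx Console project or the advisory: the paths, the __DAEMONIZED=1 marker and the version numbers come from the text, while the function names, the optional sandbox root prefix used for testing, the Linux-only /proc environment check and the VS Code extension directory layout are assumptions.

```shell
#!/bin/sh
# Added defensive sweep for the article's indicators (not code from the Nx project
# or the advisory). Paths, versions and the __DAEMONIZED marker are from the article;
# function names, the sandbox root prefix and the extension directory layout are assumed.
# Print each filesystem artefact that exists; return 1 if any did.
# $1 is an optional root prefix so the sweep can be pointed at a test tree.
find_ioc_artifacts() {
  root="${1:-}"; home="${2:-$HOME}"; found=0
  for p in "$root$home/.local/share/kitty/cat.py" \
           "$root$home/Library/LaunchAgents/com.user.kitty-monitor" \
           "$root/var/tmp/.gh_update_state" "$root"/tmp/kitty-*; do
    [ -e "$p" ] || continue
    echo "ARTIFACT: $p"; found=1
  done
  return $found
}
# Filter a `ps -eo pid,args` listing (stdin) down to python processes running cat.py.
suspicious_processes() { grep -E '^ *[0-9]+ +([^ ]*/)?python[0-9.]* .*cat\.py'; }
# Linux only: PIDs whose environment carries the __DAEMONIZED=1 marker.
daemonized_pids() { grep -lz '^__DAEMONIZED=1$' /proc/[0-9]*/environ 2>/dev/null | cut -d/ -f3; }
# Numeric dotted-version compare: return 0 when $1 < $2. A lexical compare
# would wrongly rank the fixed 18.100.0 below the malicious 18.95.0.
version_lt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, "."); k = (n > m) ? n : m
    for (i = 1; i <= k; i++) {
      ai = (i <= n) ? x[i] + 0 : 0; bi = (i <= m) ? y[i] + 0 : 0
      if (ai < bi) exit 0
      if (ai > bi) exit 1
    }
    exit 1 }'
}
# Return 0 if an installed Nx Console version predates the fixed 18.100.0 release.
nx_console_needs_update() { version_lt "$1" "18.100.0"; }
# Live run (`sh sweep.sh --run`); assumes VS Code's
# ~/.vscode/extensions/<publisher>.<name>-<version> directory layout.
run_sweep() {
  find_ioc_artifacts || echo "filesystem indicators present: stop processes, remove files, rotate credentials"
  ps -eo pid,args 2>/dev/null | suspicious_processes
  daemonized_pids
  for d in "$HOME"/.vscode/extensions/nrwl.angular-console-*; do
    [ -d "$d" ] || continue
    v="${d##*-}"
    nx_console_needs_update "$v" && echo "UPDATE NEEDED: Nx Console $v (fixed in 18.100.0)"
  done
}
case "${1:-}" in --run) run_sweep ;; esac
```

A hit from any of the three checks is a signal to follow the workstation steps above, not proof of compromise on its own; the version check is the one every affected user should run.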

This incident recalls the August 2025 s1ngularity campaign and a recent wave of malicious npm packages ranging from hidden ELF binaries to RATs and browser cookie stealers: the persistent threat is attacks aimed directly at developers and pipelines rather than end users, because compromising those who sign, build or publish software multiplies the attacker's reach. For those running projects and organizations this means tightening controls on maintainer accounts, limiting the scope of OIDC tokens, rotating credentials periodically, enabling strong multi-factor authentication (preferably with hardware keys) and checking SLSA attestations on packages before accepting them into production.

The relevant repositories where the official code and fixes can be checked are the Nx Console repository on GitHub (https://github.com/nrwl/nx-console) and the Nx monorepo (https://github.com/nrwl/nx). To better understand the risk surface introduced by artifact signing and provenance, Sigstore's documentation is useful reading (https://sigstore.dev), and to inspect the runtime involved in executing the payload, Bun's official page explains how it operates (https://bun.sh).

In short, this incident confirms that supply-chain security depends both on technical controls in repositories and CI/CD and on the hygiene of developer endpoints. The immediate action for affected users is to update the extension, remove the artifacts and processes, and rotate all credentials; the strategic action for teams is to tighten access policies, reduce the scope of granted permissions and monitor the use of signatures and attestations for anomalies. Prevention and early detection remain the best defences against attacks that turn development tools into mass-compromise vectors.
