npm package
@nx/devkit
pkg:npm/%40nx/devkit
Malware
3 malicious versions on record
One or more versions of this package have been flagged as containing malicious code. Audit any system that installed an affected version.
- MAL-2025-41436Malicious code in @nx/devkit (npm)Aug 27, 2025
- GHSA-cxm3-wv7p-598c#3Malicious versions of Nx were publishedAug 27, 2025
- GHSA-cxm3-wv7p-598c#16Malicious versions of Nx were publishedAug 27, 2025
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-10894 | Cri | 9.6 | — | — | Sep 24, 2025 | Malicious code was inserted into the Nx (build system) package and several related plugins. The tampered package was published to the npm software registry, via a supply-chain attack. Affected versions contain code that scans the file system, collects credentials, and posts them |
Malicious code was inserted into the Nx (build system) package and several related plugins. The tampered package was published to the npm software registry, via a supply-chain attack. Affected versions contain code that scans the file system, collects credentials, and posts them