Investigations into the Nx “s1ngularity” NPM provide chain assault have unveiled a large fallout, with hundreds of account tokens and repository secrets and techniques leaked.
In keeping with a post-incident analysis by Wiz researchers, the Nx compromise has resulted within the publicity of two,180 accounts and seven,200 repositories throughout three distinct phases.
Wiz additionally careworn that the incident’s scope of affect stays vital, as most of the leaked secrets and techniques stay legitimate, and so the impact remains to be unfolding.
The Nx “s1ngularity” provide chain assault
Nx is a well-liked open-source construct system and monorepo administration device, extensively utilized in enterprise-scale JavaScript/TypeScript ecosystems, having over 5.5 million weekly downloads on the NPM package deal index.
On August 26, 2025, attackers exploited a flawed GitHub Actions workflow within the Nx repository to publish a malicious model of the package deal on NPM, which included a post-install malware script (‘telemetry.js’).
The telemetry.js malware is a credential stealer concentrating on Linux and macOS methods, which tried to steal GitHub tokens, npm tokens, SSH keys, .env information, crypto wallets, and add the secrets and techniques to public GitHub repositories named “s1ngularity-repository.”
What made this assault stand out was that the credential-stealer to used put in command-line instruments for synthetic intelligence platforms, corresponding to Claude, Q, and Gemini, to seek for and harvest delicate credentials and secrets and techniques utilizing LLM prompts.
Supply: Wiz
Wiz reviews that the immediate modified over every iteration of the assault, exhibiting that the risk actor was tuning the immediate for higher success.
“The evolution of the immediate reveals the attacker exploring immediate tuning quickly all through the assault. We will see the introduction of role-prompting, in addition to various ranges of specificity on methods,” defined Wiz.
“These adjustments had a concrete affect on the success of the malware. The introduction of the phrase “penetration testing”, for instance, was concretely mirrored in LLM refusals to interact in such exercise.”
A large blast radius
Within the first section of the assault, between August 26 and 27, the backdoored Nx packages immediately impacted 1,700 customers, leaking over 2,000 distinctive secrets and techniques. The assault additionally uncovered 20,000 information from contaminated methods.
GitHub responded by taking down the repositories the attacker created after eight hours, however the information had already been copied.
Between August 28 and 29, which Wiz defines as section 2 of the incident, the attackers used the leaked GitHub tokens to flip personal repositories to public, renaming them to incorporate the ‘s1ngularity’ string.
This has resulted within the additional compromise of one other 480 accounts, nearly all of which have been organizations, and the general public publicity of 6,700 personal repositories.
Within the third section, which started on August 31, the attackers focused a single sufferer group, using two compromised accounts to publish an extra 500 personal repositories.
Supply: Wiz
Nx’s response
The Nx workforce printed an in depth root trigger evaluation on GitHub explaining that the compromise got here from a pull request title injection mixed with the insecure use of pull_request_target.
This allowed the attackers to run arbitrary code with elevated permissions, which in flip triggered Nx’s publish pipeline and exfiltrated the npm publishing token.
The malicious packages have been eliminated, the compromised tokens have been revoked and rotated, and two-factor authentication has been adopted throughout all writer accounts.
To forestall a recurrence of such a compromise, the Nx venture has now adopted NPM’s Trusted Writer mannequin, which eliminates token-based publishing, and added guide approval for PR-triggered workflows.
46% of environments had passwords cracked, almost doubling from 25% final yr.
Get the Picus Blue Report 2025 now for a complete take a look at extra findings on prevention, detection, and information exfiltration traits.
