←back to thread

Malicious versions of Nx and some supporting plugins were published

(github.com)
441 points longcat | 1 comments | 27 Aug 25 01:38 UTC | HN request time: 0s | source
Show context
BobbyTables2 ◴[27 Aug 25 13:57 UTC] No.45039788[source]
ELI5, how was the malicious PR approved and merged?

Are they using AI for automated code review too?

replies(2): >>45039871 #>>45046546 #
1. danr4 ◴[27 Aug 25 14:03 UTC] No.45039871[source]
seems like the npm repo got hacked and the compromised version was just uploaded