441 points longcat | 1 comments
snovymgodym No.45039484
Claude code is by all accounts a revolutionary tool for getting useful work done on a computer.

It's also:

- a NodeJS app

- installed by curling a shell script and piping it into bash

- an LLM that's given free rein to mess with the filesystem, run commands, etc.

So that's what, like 3 big glaring vectors of attack for your system right there?

I would never feel comfortable running it outside of some kind of sandbox, e.g. VM, container, dedicated dev box, etc.

replies(3): >>45039575 #>>45039684 #>>45039901 #
saberience No.45039901
So what?

It doesn't run by itself, you have to choose to run it. We have tons of apps with loads of permissions. The terminal can also mess with your filesystem and run commands... sure, but it doesn't open by itself and run commands itself. You have to literally run claude code and tell it to do stuff. It's not some living, breathing demon that's going to destroy your computer while you're at work.

Claude Code is the most amazing and game changing tool I've used since I first used a computer 30 years ago. I couldn't give two fucks about its "vectors of attack", none of them matter if no one has unauthorized access to my computer, and if they do, Claude Code is the least of my issues.

replies(2): >>45039955 #>>45047068 #
OJFord No.45039955
It doesn't have to be a deliberate 'attack', Claude can just do something absurdly inappropriate that wasn't what you intended.

You're absolutely right! I should not have `rm -rf /bin`d!

replies(2): >>45040158 #>>45041055 #
bethekidyouwant No.45040158
I don't use Claude, but can it really run commands on the CLI without human confirmation? Sure, there may be a switch to allow this, but in that case all but the most YOLO must be using it in a container?

replies(3): >>45040265 #>>45040352 #>>45042391 #
mr_mitm No.45040352
There are scenarios in which you allow it to run python or uv for the session (perhaps because you want it to run tests on its own), and then for whatever reason it could run `subprocess.run("rm -rf / --no-preserve-root".split())` or something like that.

I use it in a container, so at worst it can delete my repository.
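A concrete version of the container setup mr_mitm describes, written as an added example that is not part of the thread and not Claude Code's own install or CLI. The shell function below builds a `docker run` command that bind-mounts only the repository checkout into the container, keeps the container's root filesystem read-only, drops all capabilities and runs as the invoking user, so that the blast radius of a stray `rm -rf` is limited to the mounted repo. The image name `agent-image` and the command passed to it are placeholders; the `SANDBOX_DRY_RUN` variable and the refusal to mount `/` or `$HOME` are this example's own design choices.

```shell
#!/bin/sh
# Added example: confine a CLI agent to a single bind-mounted repository.
# Nothing here is the project's own code; image and command are placeholders.

# sandbox_run REPO_DIR IMAGE [CMD...]
# Refuses to mount / or $HOME (that would hand the tool far more than the
# repository), then either prints the docker invocation one argument per line
# (when SANDBOX_DRY_RUN is set) or executes it.
sandbox_run() {
  repo=$1; image=$2; shift 2
  case "$repo" in
    /|"$HOME"|"$HOME"/)
      echo "refusing to mount $repo: mount only the repository checkout" >&2
      return 1 ;;
  esac

  # Allocate a TTY only when we actually have one (the agent is interactive).
  if [ -t 0 ]; then tty=-t; else tty=; fi

  # Assumptions: docker is on PATH and the image exists. Flags used are
  # standard `docker run` options.
  set -- docker run --rm -i $tty \
    --read-only \
    --tmpfs /tmp:rw,nosuid,nodev,size=256m \
    --cap-drop=ALL \
    --security-opt no-new-privileges \
    --pids-limit 256 \
    --memory 2g \
    --user "$(id -u):$(id -g)" \
    -v "${repo}:/work" \
    -w /work \
    "$image" "$@"

  if [ -n "${SANDBOX_DRY_RUN:-}" ]; then
    printf '%s\n' "$@"
  else
    "$@"
  fi
}

# Usage (dry run, shows the command that would be executed):
#   SANDBOX_DRY_RUN=1 sandbox_run "$PWD" agent-image agent --some-flag
# Usage (real run, from inside the repository you want the tool to work on):
#   sandbox_run "$PWD" agent-image agent --some-flag
```

The network is deliberately left enabled because the agent has to reach its model API; an egress allowlist or proxy is the natural next restriction, but that is outside what this snippet shows. Anything the tool writes outside `/work` and `/tmp` fails on the read-only root, and `--cap-drop=ALL` plus `--user` mean there is no route to host devices or privileged operations from inside the container.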