
493 points | neuroo | 2 comments
JdeBP No.45038993
> Are you using a compromised version of nx?

> Run semgrep --config [...]

> Alternatively, you can run nx --version [...]

Have we not learned, yet? The number of points this submission has already earned says we have not.

People, do not trust security advisors who tell you to do such things, especially ones who also remove the original instructions entirely and replace them with instructions to run their tools instead.

The original security advisory is at https://github.com/nrwl/nx/security/advisories/GHSA-cxm3-wv7... and at no point does it tell you to run the compromised programs in order to determine whether they are compromised versions. Or to run semgrep for that matter.

replies(5): >>45039083 #>>45040461 #>>45041384 #>>45041551 #>>45042038 #
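The point above is that an installed version can be determined from package metadata without ever executing the suspect package. The following is an added example, not code from the thread, the blog post or the nx project: it reads `package.json` files under `node_modules` and the `packages` map of a `package-lock.json` statically, and compares the versions it finds against a placeholder set that you would replace with the versions named in the official advisory.

```python
# Added example: find nx versions in a project by reading metadata only.
# Nothing from the package is imported or run.
import json
import os
import tempfile

# Placeholder only: substitute the versions listed in the GitHub advisory.
AFFECTED_PLACEHOLDER = {"0.0.0-affected-placeholder"}


def installed_nx_versions(root):
    """Versions from every node_modules/.../nx/package.json under root."""
    found = set()
    for dirpath, _dirs, files in os.walk(root):
        in_node_modules = "node_modules" in dirpath.split(os.sep)
        if in_node_modules and os.path.basename(dirpath) == "nx" and "package.json" in files:
            with open(os.path.join(dirpath, "package.json"), encoding="utf-8") as fh:
                meta = json.load(fh)
            if meta.get("name") == "nx" and "version" in meta:
                found.add(meta["version"])
    return found


def lockfile_nx_versions(lock_path):
    """Versions pinned for nx in a package-lock.json (lockfileVersion 2 or 3)."""
    with open(lock_path, encoding="utf-8") as fh:
        lock = json.load(fh)
    # Keys look like "node_modules/nx" or "node_modules/foo/node_modules/nx".
    return {e["version"] for p, e in lock.get("packages", {}).items()
            if p.endswith("node_modules/nx") and "version" in e}


def check_project(root, affected):
    """Static check: returns (all nx versions found, those in the affected set)."""
    versions = installed_nx_versions(root)
    lock = os.path.join(root, "package-lock.json")
    if os.path.exists(lock):
        versions |= lockfile_nx_versions(lock)
    return versions, versions & set(affected)


def demo():
    """Constructed project tree: a top-level nx plus a nested, placeholder-affected copy."""
    root = tempfile.mkdtemp()
    for sub, ver in (("node_modules/nx", "1.2.3"),
                     ("node_modules/foo/node_modules/nx", "0.0.0-affected-placeholder")):
        os.makedirs(os.path.join(root, sub))
        with open(os.path.join(root, sub, "package.json"), "w", encoding="utf-8") as fh:
            json.dump({"name": "nx", "version": ver}, fh)
    with open(os.path.join(root, "package-lock.json"), "w", encoding="utf-8") as fh:
        json.dump({"lockfileVersion": 3, "packages": {"node_modules/nx": {"version": "1.2.3"}}}, fh)
    return check_project(root, AFFECTED_PLACEHOLDER)
```

Nested copies under a dependency's own `node_modules` are the ones a top-level lockfile glance tends to miss, which is why the walk covers every depth.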
dudeinjapan No.45039083
Are you affected? Run the affected program. OK, now you are definitely affected.
replies(2): >>45039230 #>>45041280 #
baxtr No.45041280
It might be even better than that:

Create a blog post about a security issue. Post it on HN and get upvotes. Find people who believe they might be affected. Let them run the affected program. Boom.

replies(1): >>45041752 #
ghurtado No.45041752
Either I've grown old and bitter enough that I think this is likely the case, or this is just a rational take and most likely what happened.

I'm not sure which is worse.