Nx ‘s1ngularity’ NPM Attack Exposes Thousands of Secrets via AI-Powered Credential Theft

Attackers used AI prompt engineering to enhance a supply chain attack that compromised thousands of GitHub accounts and repositories through malicious Nx packages.

CSBadmin

A post-incident analysis of the Nx “s1ngularity” NPM supply chain attack has revealed a sweeping breach of developer credentials and sensitive repository data, impacting over 2,100 accounts and 7,200 repositories. Conducted in three distinct phases, the attack exploited a misconfigured GitHub Actions workflow to insert malware into the popular Nx package—a build system and monorepo manager with over 5.5 million weekly downloads.

The malicious package, pushed to NPM on August 26, 2025, executed a telemetry.js post-install script that stole sensitive information from Linux and macOS systems. This included GitHub and NPM tokens, SSH keys, environment files, and even cryptocurrency wallets. These credentials were exfiltrated to public repositories under the attacker-controlled “s1ngularity-repository” namespace.

What set this attack apart was its innovative use of command-line tools for large language model (LLM) platforms like Claude, Q, and Gemini that were installed on the affected systems. By crafting and tuning LLM prompts, the attackers weaponized these AI assistants to sift through local files and extract secrets. The prompts went through rapid iterations aimed at increasing success, including role prompting and evasion strategies to bypass LLM safeguards.

The fallout was fast and expansive. In phase one, over 2,000 secrets and 20,000 files were leaked from 1,700 systems. GitHub took down the malicious repositories within eight hours, but not before the data had been replicated. During phase two (Aug 28–29), attackers used stolen GitHub tokens to make private repositories public—impacting 480 mostly organizational accounts and leaking an additional 6,700 repositories. A final phase on August 31 targeted one organization and published 500 more private repositories through compromised accounts.

Nx responded with transparency, publishing a root cause analysis showing the compromise stemmed from a pull request title injection combined with the insecure use of pull_request_target. This allowed arbitrary code execution with elevated privileges, hijacking the publishing pipeline and leaking the NPM token. In response, Nx revoked tokens, enabled 2FA for all publisher accounts, and adopted NPM’s Trusted Publisher model with stricter PR workflows.
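The combination named in the root cause analysis, pull request text expanded inside a workflow triggered by pull_request_target, can be checked for in a repository's own workflows. The following is an added example, not code from Nx or from the source article; it assumes the title reaches the shell through a ${{ ... }} expression in a run: step, and the function name, the sample workflows and the PR_TITLE variable are constructed for illustration.

```python
import re

# Attacker-controlled PR fields; the title is the one named in the Nx root cause analysis.
UNTRUSTED_EXPR = re.compile(
    r"\$\{\{\s*github\.(?:event\.pull_request\.(?:title|body|head\.ref)|head_ref)\s*\}\}")
RUN_KEY = re.compile(r"^(\s*(?:-\s+)?)run\s*:\s*(.*)$")

def audit_workflow(text):
    """Return [(line_no, line)] for run: lines that expand untrusted PR data
    in a workflow using pull_request_target; [] when the combination is absent."""
    # Crude comment stripping: enough for a lint pass, this is not a YAML parser.
    lines = [re.sub(r"(^|\s)#.*$", "", l).rstrip() for l in text.splitlines()]
    if not any(re.search(r"\bpull_request_target\b", l) for l in lines):
        return []
    findings, block_indent = [], None
    for no, line in enumerate(lines, 1):
        indent = len(line) - len(line.lstrip())
        if block_indent is not None and line.strip() and indent <= block_indent:
            block_indent = None  # dedent closes a multi-line run: block
        m = RUN_KEY.match(line) if block_indent is None else None
        if m and m.group(2)[:1] in ("|", ">"):
            block_indent = len(m.group(1))  # block scalar: script starts on the next line
            continue
        body = m.group(2) if m else (line if block_indent is not None else "")
        if UNTRUSTED_EXPR.search(body):
            findings.append((no, line.strip()))
    return findings

# Constructed sample workflows (not the Nx workflow).
HEADER = """\
on:
  pull_request_target:
jobs:
  validate:
    runs-on: ubuntu-latest
    steps:
      - name: Validate PR title
"""
VULNERABLE = HEADER + """\
        run: |
          echo "${{ github.event.pull_request.title }}" | grep -E '^(feat|fix)'
"""
# Hardened form: the title is passed as data in an environment variable and quoted.
HARDENED = HEADER + """\
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: |
          echo "$PR_TITLE" | grep -E '^(feat|fix)'
"""
```

The check flags only the expansion inside the script body; the same expression under env: is left alone because the shell then receives it as a variable value rather than as script text.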

The Nx “s1ngularity” incident underscores the evolving nature of supply chain attacks—particularly the use of generative AI for credential harvesting and exfiltration. Developers and organizations must harden CI/CD pipelines, embrace Trusted Publishing, and monitor LLM-integrated developer tools for potential abuse. The blast radius of this attack—thousands of tokens, secrets, and repositories—demonstrates just how quickly misconfigurations can be weaponized at scale.

Sources: wiz.io