Weaponizing AI Coding Agents for Malware (Nx Event)

1 mitjam 1 9/10/2025, 10:01:44 AM snyk.io

Comments (1)

mitjam · 1h ago
This is an interesting analysis and a cautionary tale about vibe coding:

"The root cause for the malicious version of Nx published to npm is now known to have been a flawed GitHub Actions CI workflow [...] the code contribution is estimated to have been generated by Claude Code."

"the payload weaponized local AI coding agents (claude, gemini, and q) via a dangerous prompt to inventory sensitive files and then exfiltrate secrets, credentials, and sensitive data off of the host and on to a public GitHub repo"