At least 1.4k people are learning today that they have a new repository prefixed by s1ngularity-repository in their GitHub account. This repository was created by a malicious post-install command discovered in the popular nx build kit. That malware steals wallets and API keys (`.npmrc`, env variables, etc.) and pushes them in that repository in the results.b64 file. Interestingly, the malware checks for the presence of Claude Code CLI or Gemini CLI on the system to offload much of the fingerprintable code to a prompt.
Ongoing Security Alert: Investigation and remediation continues as new information becomes available. Check back for updates. Last updated 2025-08-27 12:00 UTC
TL;DR What You Should Do Now
Are you impacted?
Check your Github organization for evidence of compromise: https://github.com/search?q=org%3A%3CYOURORG%3E+s1ngularity-repository&type=repositories ; check regularly.
Are you using a compromised version of nx?
Run semgrep --config r/oqUk5lJ/semgrep.ssc-mal-resp-2025-08-nx-build-compromised to find if any of your packages are using a vulnerable version of nx .
Alternatively, you can run nx –version or check your lockfile to see if you are running one of the impacted versions of nx :
... continue reading