Critical: Compromised Nx Console version 18.95.0 (opens in new tab)

(github.com)

2 pointsurbandw311er7d ago2 comments

2 comments

Ouch: critical supply chain attack in one of the most popular VS Code Extensions (2.2M installs)

I was bitten by this today - the payload dropped a Python C2 backdoor and LaunchAgent. (fortunately, it failed to run due to failed dependencies...)

Incidentally, my local install was almost 2 hours after the maintainers claim they pulled it from the marketplace so the real-world exposure window appears to have been substantially longer than 11 minutes.

`2026-05-18 16:34:11.092 [info] Extracted extension to .../nrwl.angular-console-18.95.0`

urbandw311erOP7d ago

Incidentally, this is one of the first times where an LLM was genuinely useful in helping me quarantine & identify the issue with a degree of certainty.

If you want further information on how the attack was obfuscated & executed, I posted in the nx-console Issues board [here](https://github.com/nrwl/nx-console/issues/3140) - (apols for the LLM-assisted post, as you would imagine I was in something of a hurry to report it)

j / k navigate · click thread line to collapse

2 comments

urbandw311erOP7d ago

Ouch: critical supply chain attack in one of the most popular VS Code Extensions (2.2M installs)

I was bitten by this today - the payload dropped a Python C2 backdoor and LaunchAgent. (fortunately, it failed to run due to failed dependencies...)

`2026-05-18 16:34:11.092 [info] Extracted extension to .../nrwl.angular-console-18.95.0`

urbandw311erOP7d ago

Incidentally, this is one of the first times where an LLM was genuinely useful in helping me quarantine & identify the issue with a degree of certainty.

j / k navigate · click thread line to collapse