Vulnerable Claude code in GitHub action led to stolen NPM keys
Vulnerable Claude code in GitHub action led to stolen NPM keys
github.com
Malicious versions of Nx and some supporting plugins were published
Seems like a ton (over 1k) of people were affected because of an auto updating VS Code extension. Check your bashrc/zshrc and GitHub account if you use nx