A Poisoned VS Code Extension Breached 3,800 GitHub Repos, The Nx Console Attack
A malicious Nx Console build pushed via auto-update harvested developer secrets and exposed thousands of internal repositories in minutes.
In May 2026, a malicious version of the popular Nx Console extension for Visual Studio Code was published for roughly 11 to 18 minutes before being pulled, long enough to do real damage. The extension, with more than two million installs, shipped through VS Code's automatic update mechanism, meaning developers who already had it got the poisoned build with no action of their own. The payload harvested secrets from cloud accounts, CI/CD pipelines, password managers, and AI coding assistants, and GitHub later confirmed roughly 3,800 internal repositories were exfiltrated as a result.
Quick answer
A trojanized Nx Console build (version 18.95.0, published May 18, 2026) was live for only 11 to 18 minutes but reached a large installed base instantly through VS Code's automatic update, so developers were hit with no action of their own. The payload swept machines for GitHub, npm, AWS, HashiCorp Vault, Kubernetes, and 1Password credentials, and GitHub confirmed about 3,800 internal repositories were exfiltrated. If you had Nx Console installed that week, assume every secret on that machine is burned and rotate all of them now, then audit your GitHub access logs.
Key takeaways
- A trojanized Nx Console build (version 18.95.0, published May 18, 2026) was live for only minutes but spread through auto-update to systems that already had the extension installed.
- The payload harvested credentials from GitHub, npm, AWS, HashiCorp Vault, Kubernetes, and 1Password, anything it could find on the developer's machine.
- GitHub disclosed on May 19 that about 3,800 internal repositories were exfiltrated after a poisoned extension compromised an employee device.
- CISA issued an alert on the Nx Console supply-chain compromise; the threat actor was tracked as "TeamPCP."
- This is part of a broader 2026 trend, malicious extension detections roughly quadrupled in 2025, and the GlassWorm campaign abused dozens of Open VSX extensions in parallel.
Why developer tools are the new soft target
A developer's laptop is a treasure chest. It holds cloud keys, package-registry tokens, source code, CI/CD credentials, and increasingly the API keys for AI coding assistants. An IDE extension runs with the developer's full privileges and can read files and run code, so compromising a trusted extension gives an attacker everything at once, without touching the company's perimeter.
What makes the Nx Console attack especially nasty is the delivery: auto-update. Developers did not download anything or click a bad link. The extension they had trusted for months silently updated to a malicious build in the background. The window was tiny, minutes, but auto-update pushed it to a large installed base instantly.
What the payload did
Once the poisoned build ran, it fetched and executed an obfuscated payload that swept the machine for secrets across a wide range of sources:
- Cloud providers, AWS and other cloud credentials.
- Package registries, npm and similar tokens that could enable further supply-chain attacks.
- Secrets managers, HashiCorp Vault and Kubernetes credentials.
- Password managers, including 1Password data.
- AI coding assistants, API keys and tokens.
With GitHub credentials in hand, the attacker exfiltrated roughly 3,800 internal repositories. The stolen registry tokens are the more frightening part long-term, because they can seed the next supply-chain attack, a poisoned npm package or extension published under a legitimate maintainer's identity.
Here is what each class of stolen secret puts at risk and how urgently to rotate it:
| Secret type | What the attacker can do | Rotation priority |
|---|---|---|
| GitHub PAT / SSH key | Clone private repos, push poisoned commits | Immediate |
| npm / registry token | Publish malicious packages as you | Immediate |
| AWS / cloud keys | Spin up resources, reach production data | Immediate |
| Vault / Kubernetes creds | Reach internal secrets and clusters | Immediate |
| 1Password / manager data | Unlock everything else stored there | Immediate (change master) |
| AI assistant API keys | Run up charges, access connected data | High |
Warning
If you had Nx Console installed in May 2026, assume the secrets that were on that machine are compromised, cloud keys, registry tokens, and anything your password manager had unlocked. Rotate them all.
What to do if you might be affected
- Check your extension version and history. Confirm whether your VS Code (or a forked editor) had Nx Console around May 18, 2026, and whether it pulled the 18.95.0 build via auto-update.
- Rotate every credential on the machine. AWS keys, npm and other registry tokens, GitHub PATs and SSH keys, Vault and Kubernetes tokens, and any AI assistant API keys. Treat them all as burned.
- Audit your password manager. If a manager like 1Password was unlocked on that machine, change the master password and rotate high-value stored credentials.
- Review GitHub access logs. Look for repository clones, new deploy keys, or token usage from unfamiliar locations after the incident window.
- Lock down extension auto-update going forward. Consider pinning critical extensions, vetting updates, and restricting which extensions are allowed on developer machines. Audit what is installed, our guide to auditing browser extensions for security applies the same scrutiny to the browser side.
Hardening against the next one
The Nx Console attack will not be the last. To reduce blast radius:
- Minimize long-lived secrets on dev machines. Use short-lived, scoped tokens and cloud SSO instead of static keys wherever possible.
- Vet and pin extensions. Treat IDE extensions like any other dependency, review the publisher, watch for sudden permission or ownership changes, and remove anything you do not actively use.
- Segment developer credentials. A token that can publish to your package registry should not be sitting in plaintext where any extension can read it.
- Watch the registries. Because stolen npm tokens enable downstream attacks, this connects directly to incidents like the npm Red Hat "Miasma" supply-chain attack.
Frequently asked questions
I never manually updated Nx Console. Could I still be affected?
Yes, that is the core problem. VS Code's auto-update mechanism delivered the malicious build to systems that already had the extension, with no manual action required. Check your version history rather than assuming you are safe.
How was the window only minutes if the damage was so large?
Auto-update pushes to a large installed base almost instantly, and an extension runs with the developer's privileges, so it can harvest secrets in seconds. A short publishing window can still reach many machines and exfiltrate a lot of data.
What is the single most important response step?
Rotate credentials. The breach is fundamentally a credential-theft event, and the stolen tokens are what enable repository theft and follow-on supply-chain attacks. Rotate everything that was reachable on the affected machine.
Are other editors and extension marketplaces at risk?
Yes. The 2026 GlassWorm campaign abused dozens of extensions on Open VSX, which feeds many VS Code forks. The risk is structural to extension ecosystems, not unique to one marketplace.
The bottom line
The Nx Console attack shows how a trusted developer tool plus silent auto-update can turn into a fleet-wide credential heist in minutes. If you had it installed, rotate every secret that lived on that machine, audit your GitHub access, and start treating IDE extensions like the privileged code they are, vetted, pinned, and pruned.
Sources & further reading
- cisa.gov/news-events/alerts/2026/05/28/supply-chain-compromises-impact-nx-console-and-github-repositories
- thehackernews.com/2026/05/github-internal-repositories-breached.html
- aikido.dev/blog/github-breached-vs-code-extension
- getsecureslate.com/blog/github-security-breach-2026-vs-code-extension
- thehackernews.com/2026/03/glassworm-supply-chain-attack-abuses-72.html
