The Nx build system suffered a supply chain attack on August 26, 2025, when attackers exploited a GitHub Actions workflow vulnerability to steal npm publishing tokens. The attack used a bash injection flaw in a pull_request_target trigger and targeted outdated branches that still contained vulnerable code. Nx responded by
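A check for the flaw class summarized above, added here as an example (it is not Nx's workflow or tooling): it flags run: scripts that interpolate pull-request-controlled expressions, and lists every branch where that coexists with pull_request_target, since that trigger runs the workflow file from the pull request's base branch. The workflow text, the branch names and the PR_TITLE variable are constructed, and the line-based scan is a simplification of real YAML parsing.

```python
import re
# Expressions whose value a pull request author controls (non-exhaustive).
UNTRUSTED = re.compile(r"\$\{\{\s*github\.(?:head_ref|event\.pull_request\."
                       r"(?:title|body|head\.(?:ref|label)))\s*\}\}")
RUN_KEY = re.compile(r"^\s*(?:-\s+)?(?P<key>run):\s*(?P<val>.*)$")
TRIGGER = re.compile(r"^[^#\n]*\bpull_request_target\b", re.M)

def find_injections(workflow_text):
    """Return (line_no, expression) for untrusted expressions inside run: scripts."""
    findings, block_col = [], None
    for no, line in enumerate(workflow_text.splitlines(), 1):
        m = RUN_KEY.match(line)
        indent = len(line) - len(line.lstrip())
        if m:  # a value starting with | or > opens a multi-line script
            script = m.group("val")
            block_col = m.start("key") if script[:1] in ("|", ">") else None
        elif block_col is not None and (not line.strip() or indent > block_col):
            script = line  # still inside the multi-line script
        else:
            script, block_col = "", None
        findings += [(no, e.group(0)) for e in UNTRUSTED.finditer(script)]
    return findings

def exposed_branches(workflows_by_branch):
    """Map branch -> findings where pull_request_target and an injection coexist."""
    return {b: f for b, t in workflows_by_branch.items()
            if TRIGGER.search(t) and (f := find_injections(t))}

# Constructed samples: one workflow as it might exist on two branches.
HEAD = """\
on:
  pull_request_target:
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
"""
# Injectable: the PR title is pasted into the shell script text.
VULNERABLE = HEAD + """\
      - run: |
          echo "${{ github.event.pull_request.title }}"
"""
# Hardened: the title reaches the script only as an environment variable.
HARDENED = HEAD + """\
      - env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: |
          echo "$PR_TITLE"
"""
```

Calling exposed_branches with the workflow text of each branch (for example the output of git show for that branch and file) shows which branches still carry the injectable step after the default branch has been fixed.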