Summary Malicious versions of the nx package, as well as some supporting plugin packages, were published to npm, containing code that scans the file system, collects credentials, and posts them to GitHub as a repo under user's accounts. Affected Versions of nx 21.5.0 Published at 6:32 PM 20.9.0 20.10.0 21.6.0 20.11.0 21.7.0 21.8.0 20.12.0 Published at 8:37 PM These versions have since been removed from NPM as of 10:44 PM EDT Affected Versions of @nx/devkit, @nx/js, @nx/workspace, @nx/node 21.5.0...