2,300+ Credentials Exposed in Nx Package Supply Chain Breach

Executive Summary

In August 2025, a significant supply chain breach targeted the Nx build platform, a widely-used open-source tool for managing monorepos and developer workflows. This sophisticated attack, known as s1ngularity, involved the publication of malicious npm packages, which infiltrated the software development community. The breach exploited vulnerabilities in GitHub Actions workflows and the npm publishing process, leading to the exposure of 2,349 distinct credentials, including GitHub access tokens, npm authentication keys, cloud API keys, and AI service tokens. The impact was extensive, affecting millions of developers who unknowingly installed compromised packages during routine workflows.

 Read the full breach analysis from NHI Mgmt Group here

Key Details

Breach Timeline

• Late July 2025: Security researchers detected suspicious activity linked to Nx packages.
• Early August 2025: Malicious npm packages were published, leading to widespread use amongst developers.
• Late August 2025: The breach was identified and reported, revealing extensive credential leaks.

Data Compromised

• 2,349 distinct credentials were exposed, including:
• GitHub access tokens, allowing unauthorized access to repositories.
• npm authentication keys, enabling package publishing under compromised accounts.
• Cloud API keys, risking exposure of cloud infrastructure.
• AI service tokens, potentially exploiting AI-based applications.

Impact Assessment

• The breach affected millions of developers who rely on Nx for managing their workflows.
• Organizations using compromised packages faced risks of unauthorized access and data breaches.
• Trust in the npm repository was shaken, prompting calls for enhanced security measures.

Company Response

• Immediate investigation launched to identify the source of the malicious packages.
• Guidelines issued for developers to revoke compromised credentials and secure their accounts.
• Collaboration with security experts to strengthen npm publishing processes.

Security Implications

• The attack highlighted the vulnerabilities in software supply chains that need addressing.
• Developers are urged to adopt best practices for securing their development environments.
• This incident underscores the importance of continuous monitoring for suspicious activities.

 If you want to learn more about how to secure NHIs including AI Agents, check our NHI Foundational Training Course.