Researchers at Wiz have detailed a significant supply chain compromise involving NX, a widely used open-source build and monorepo platform for JavaScript/TypeScript. The s1ngularity-led intrusion affected 2,180 accounts and exposed contents from 7,200 repositories, with a portion of stolen secrets still valid—underscoring systemic risk across CI/CD workflows and package ecosystems.
Scope and impact: active secrets and exposed assets
The incident unfolded in multiple phases across late August 2025. In the first wave (August 26–27), compromised NX builds impacted roughly 1,700 users, resulting in leakage of over 2,000 unique secrets and exposure of about 20,000 files from infected machines. During the second wave (August 28–29), attackers leveraged stolen GitHub tokens to flip private repositories to public, compromising an additional 480 accounts and exposing data from 6,700 private repos. A third wave (from August 31) targeted a specific organization, publishing another 500 private repositories via two previously compromised accounts.
Attack vector: GitHub Actions workflow abuse and malicious npm builds
According to the NX team’s root-cause analysis, a workflow misconfiguration in GitHub Actions allowed remote code execution by processing a crafted pull request header. Attackers used this foothold to publish tainted NX packages to npm that included a post-install script (telemetry.js), which executed automatically on installation.
The malware functioned as an infostealer targeting Linux and macOS. It harvested GitHub and npm tokens, SSH keys, .env files, and cryptocurrency wallet data. Exfiltration occurred to public GitHub repositories named in the pattern s1ngularity-repository (including -0 and -1 variants). At least three distinct payloads were propagated during the initial stage of the supply chain compromise.
Novel element: AI-assisted exfiltration and defense evasion
A notable dimension of this campaign is the first publicly documented use of command-line AI tools (Claude, Google Gemini, Amazon Q) to automate and optimize the discovery of sensitive data within codebases and developer environments. Attackers iterated on prompts to improve signal-to-noise in secret extraction and to adapt to protective controls, effectively shortening time-to-exfiltration and broadening impact.
Residual risk: still-valid tokens and expanding blast radius
Wiz assesses that the number of affected users who installed malicious NX versions is likely higher than current counts indicate. Crucially, roughly 100 unique npm tokens—more than 40% of those stolen in the first wave—remain active. Approximately 5% of compromised GitHub tokens also remain valid. These active credentials facilitate ongoing unauthorized access and potential lateral movement within organizations, even after initial containment.
Why this matters to DevSecOps and JS/TS teams
The NX incident demonstrates how a single workflow weakness can cascade across the software supply chain—from CI/CD to package registries—resulting in widespread distribution of malicious artifacts. The combination of automated package installation scripts, overly permissive tokens, and AI-accelerated reconnaissance magnifies the operational impact for JavaScript/TypeScript teams. The event aligns with broader guidance from frameworks such as NIST SSDF (SP 800-218) and SLSA, emphasizing least privilege, signed provenance, and continuous verification.
Actionable mitigation: immediate steps and process hardening
Immediate containment
– Rotate all potentially affected GitHub and npm tokens; revoke and reissue SSH keys.
– Reinstall NX from trusted sources; verify package integrity and lockfiles.
– Audit .env files and wallet data for compromise; monitor for suspicious access.
– Review repository and organization permissions; revert unintended public exposures.
Hardening CI/CD and developer workflows
– Restrict GITHUB_TOKEN permissions via explicit permissions in workflows; enforce least privilege.
– Block untrusted code execution from PRs, especially from forks; sanitize PR metadata and headers.
– Adopt OIDC-based short-lived credentials for CI to reduce token blast radius.
– Enforce 2FA/SSO, mandatory secret rotation, and IP/CIDR scoping for npm tokens; enable provenance/attestations.
– Turn on secret scanning and alerts; continuously monitor CI/CD logs and dependency changes for anomalies.
– Align with NIST SSDF and SLSA controls to standardize supply chain assurance.
The s1ngularity campaign is a clear reminder that supply chain security hinges on disciplined secret management, CI/CD hygiene, and readiness for adversaries already weaponizing AI. Teams should reassess GitHub Actions configurations and npm token policies, complete an immediate secret inventory and rotation, and drill incident response for supply chain scenarios to reduce time-to-detection and limit blast radius.
