npm
Malicious @nx/enterprise-cloud @3.2.0
Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 4:30 AM UTC
OSV ID
MAL-2025-41437
Ecosystem
npm
Summary
The nx project and associated plugins were compromised via a vulnerable GitHub workflow that allowed code injection and the theft of an NPM token.
Source: google-open-source-security (a8a1b6e74c68b5c6901f2ea242469aa5a34ffec9ddc3fb92267b3d1627123267)
Protect your entire dependency tree
Scan your lock files automatically on every PR. Block malicious packages before they reach production.