nrwl.angular-console @18.95.0
Vulnerability report · Last retrieved from osv.dev June 23, 2026 at 3:29 AM UTC
OSV ID: MAL-2026-5162
Ecosystem: vscode
Summary
The compromised version of the Nx Console VS Code extension contains malicious code injected into its main execution file. When a developer opens a workspace, the extension triggers a background task to download and execute an obfuscated payload from a remote repository. This payload performs anti-analysis checks and runs as a daemon to collect sensitive credentials, cloud tokens, and secrets from the developer's environment. The harvested data is exfiltrated via HTTPS, GitHub APIs, and DNS tunneling. The malware also establishes persistence through a macOS LaunchAgent and a Python backdoor, using the GitHub Search API as a command and control channel. The impact of this compromise includes the potential theft of AWS, GCP, Azure, npm, SSH, and Vault secrets, leading to unauthorized access to internal repositories and infrastructure.
Source: google-open-source-security (12636eadc931d19fc68ca6d30f5397404c6b782a67537c770c944ed9337a4125)