Sign in Create account

#debugjs — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #debugjs, aggregated by home.social.

Johannes Schnatterer @[email protected] · 2025-09-18 · 16:45 UTC

TLDR recent #npm supply chain attacks
🗓️ 26 Aug: #nx packages compromised stealing SSH keys, npm tokens, and .gitconfig files and weaponized AI CLI tools 😱 upload to repo named #S1ngularity
HackerNews: https://news.ycombinator.com/item?id=45034496
GHSA-cxm3-wv7p-598c: https://github.com/nrwl/nx/security/advisories/GHSA-cxm3-wv7p-598c
🗓️ 8 Sep: #chalk, #debugjs and other packages by maintainer #qix (junon) compromised. They handled this very transparently 👍️
See
HackerNews: https://news.ycombinator.com/item?id=45169794
CVE-2025-59144: https://github.com/advisories/GHSA-4x49-vf9v-38px

#npm #nx #s1ngularity #chalk #qix #debugjs