Nx Console VS Code Extension — Poisoned Extension Breaches 3,800 GitHub Internal Repos

AI relevance: AI coding agents (Claude Code, Cursor, Copilot) run inside the same VS Code extension environment that TeamPCP poisoned, meaning the same credential-harvesting payload could silently exfiltrate tokens from any developer or agent that auto-installs compromised extensions.

  • TeamPCP, the threat group behind the Mini Shai-Hulud npm supply chain campaign, published a malicious version of Nx Console (v18.95.0) to both the Visual Studio Marketplace and Open VSX on May 18.
  • The attacker posed as a legitimate Nx maintainer and uploaded the poisoned package without any manual approval from Nx administrators.
  • The compromised extension fetched an obfuscated payload that harvested credentials from: Vault tokens, Kubernetes and AWS IAM auth, .npmrc/OIDC tokens, AWS IMDS/ECS metadata, GitHub tokens (ghp_/gho_/ghs_), 1Password op CLI vaults, private keys, and Docker credentials.
  • The malicious extension was available for roughly 18 minutes before being unpublished and removed by Microsoft.
  • GitHub confirmed that the breach resulted in exfiltration of ~3,800 internal repositories — directionally consistent with TeamPCP's public claims.
  • The attack chain traces back to the TanStack npm supply chain compromise, which gave the attacker GitHub credentials of a legitimate Nx developer (CVE-2026-48027).
  • Nx CEO Jeff Cross acknowledged the role their software played and announced publishing-pipeline hardening requiring two-admin approval going forward.

Why it matters

AI coding agents and developer tooling share the same VS Code extension trust surface. A poisoned extension doesn't just affect humans — any agent with workspace access that loads compromised tooling inherits the same credential-harvesting risk. The Mini Shai-Hulud campaign already demonstrated cascading supply chain compromise across Trivy, KICS, LiteLLM, TanStack, Red Hat Cloud Services, and 500+ npm packages. VS Code extensions are the next logical frontier.

What to do

  • Audit all installed VS Code extensions for unexpected version changes or publisher impersonation.
  • Review workflow run logs for Nx Console and other extensions for signs of compromise.
  • Rotate any tokens or credentials that may have been accessible from developer workstations during the exposure window.
  • Enforce publisher-approval gates for extension updates in team environments.
  • Consider pinning extension versions in your team's dotfiles or workspace configuration.
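
The audit and pinning steps above can be scripted against the output of `code --list-extensions --show-versions`. The following is an added example, not code from Nx, GitHub or the original write-up; the pin list and sample listing are constructed, and the Nx Console extension ID is an assumption to confirm against your own listing.

```python
import sys
# Release named on this page. The extension ID is an assumption (Nx Console's
# Marketplace ID); confirm it against your own listing before relying on it.
KNOWN_BAD = {("nrwl.angular-console", "18.95.0")}

def parse_listing(text):
    """Parse `code --list-extensions --show-versions` output into {id: version}."""
    installed = {}
    for line in text.splitlines():
        ext_id, sep, version = line.strip().rpartition("@")
        if sep and "." in ext_id:                # skip banners and blank lines
            installed[ext_id.lower()] = version  # IDs are case-insensitive
    return installed

def audit(installed, pins, known_bad=KNOWN_BAD):
    """Return (finding, id, version) tuples. PUBLISHER_MISMATCH means a pinned
    extension name is installed under a publisher other than the approved one."""
    pinned_names = {i.split(".", 1)[1] for i in pins}
    findings = []
    for ext_id, version in sorted(installed.items()):
        name = ext_id.split(".", 1)[1]
        if (ext_id, version) in known_bad:
            findings.append(("KNOWN_BAD", ext_id, version))
        elif ext_id in pins:
            if pins[ext_id] != version:
                findings.append(("VERSION_DRIFT", ext_id, version))
        elif name in pinned_names:
            findings.append(("PUBLISHER_MISMATCH", ext_id, version))
        else:
            findings.append(("UNPINNED", ext_id, version))
    return findings

# Constructed sample data: not taken from any real workstation.
SAMPLE_LISTING = """\
dbaeumer.vscode-eslint@3.0.10
nrwl.angular-console@18.95.0
ms-python.python@2025.4.0
nx-tools-example.angular-console@18.94.0
examplepub.unreviewed-tool@0.1.0
"""
SAMPLE_PINS = {  # hypothetical team-approved id -> version list
    "dbaeumer.vscode-eslint": "3.0.10",
    "nrwl.angular-console": "18.94.0",
    "ms-python.python": "2025.2.0",
}

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LISTING
    for finding in audit(parse_listing(text), SAMPLE_PINS):
        print(*finding)
```

Save the real listing to a file and pass its path as the first argument. A version pin alone would not catch a poisoned release published under the legitimate publisher account unless automatic updates are also disabled, so treat VERSION_DRIFT as a prompt to review the update, not as proof of compromise.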
