Description

a clown car of clown cars that deploys another clown car, that explodes
Text version: https://pivot-to-ai.com/2025/08/29/vibe-coded-build-system-nx-gets-hacked-steals-vibe-coders-crypto/

If any of your upstream dependencies has a .cursor folder, they're frickin' morons, and you need to remove that dependency pronto. Friends don't let friends run vibe code.

AI coding in your supply chain is a red flag.

Patreon: https://www.patreon.com/davidgerard
Ko-Fi: https://ko-fi.com/A1529D5
Buy me nice things: https://www.amazon.co.uk/hz/wishlist/ls/3Q8VZW46J6DM6
Get an extremely cool Pivot to AI shirt or mug: https://pivot-to-ai.redbubble.com

Sources:

Malicious versions of Nx and some supporting plugins were published https://github.com/nrwl/nx/security/advisories/GHSA-cxm3-wv7p-598c
feat(repo): add GitHub Actions workflow to validate PR titles #32458 https://github.com/nrwl/nx/pull/32458/files#diff-0f55b87380c49811ff502d3f6b33e35e26dd5c22a69880c4415f6438a9f73672R26-R38
"What a PR" https://x.com/adnanthekhan/status/1958722939534417989
Supply Chain Security Alert: Popular Nx Build System Package Compromised with Data-Stealing Malware https://www.stepsecurity.io/blog/supply-chain-security-alert-popular-nx-build-system-package-compromised-with-data-stealing-malware

Full Pivot to AI playlist: https://www.youtube.com/playlist?list=UU9rJrMVgcXTfa8xuMnbhAEA