Homepage

nx@21.5.1-beta.3 vulnerabilities

The core Nx plugin contains the core functionality of Nx like the project graph, nx commands and task orchestration.

  • latest version

    21.4.1

  • latest non vulnerable version

    21.5.0-canary.20250904-ec1f1a4

  • first published

    14 years ago

  • latest version published

    13 days ago

  • licenses detected

  • View nx package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the nx package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • C
    Embeded Malicious Code

    nx is a The core Nx plugin contains the core functionality of Nx like the project graph, nx commands and task orchestration.

    Affected versions of this package are vulnerable to Embeded Malicious Code through a malicious postinstall script that triggers a file named telemetry.js. A malicious actor compromised the credentials of one of the maintainers, which allowed the attacker to publish tampered versions of the package to npm.

    How to fix Embeded Malicious Code?

    Avoid using all malicious instances of the nx package.

    >=21.5.0 <=21.8.0>=20.9.0 <=20.12.0
    Go back to all versions of this package