20250829 - Vibe-coded build system NX steals vibe-coders’ crypto
a clown car of clown cars that deploys another clown car, that explodes
Text version: https://pivot-to-ai.com/2025/08/29/vibe-coded-build-system-nx-gets-hacked-steals-vibe-coders-crypto/
If any of your upstream dependencies has a .cursor folder, they're frickin' morons, and you need to remove that dependency pronto. Friends don’t let friends run vibe code.
AI coding in your supply chain is a red flag.
Patreon: https://www.patreon.com/davidgerard
Ko-Fi: https://ko-fi.com/A1529D5
Buy me nice things: https://www.amazon.co.uk/hz/wishlist/ls/3Q8VZW46J6DM6
Get an extremely cool Pivot to AI shirt or mug: https://pivot-to-ai.redbubble.com
Sources:
Malicious versions of Nx and some supporting plugins were published: https://github.com/nrwl/nx/security/advisories/GHSA-cxm3-wv7p-598c
feat(repo): add GitHub Actions workflow to validate PR titles #32458: https://github.com/nrwl/nx/pull/32458/files#diff-0f55b87380c49811ff502d3f6b33e35e26dd5c22a69880c4415f6438a9f73672R26-R38
“What a PR”: https://x.com/adnanthekhan/status/1958722939534417989
Supply Chain Security Alert: Popular Nx Build System Package Compromised with Data-Stealing Malware: https://www.stepsecurity.io/blog/supply-chain-security-alert-popular-nx-build-system-package-compromised-with-data-stealing-malware
Full Pivot to AI playlist: https://www.youtube.com/playlist?list=UU9rJrMVgcXTfa8xuMnbhAEA