On August 26, 2025, the open-source ecosystem was shaken by a new supply chain attack that targeted Nx, a popular build system used by thousands of developers. Malicious package versions were published to npm, silently stealing sensitive developer assets like GitHub tokens, SSH keys, npm credentials, and even crypto wallets.
The attack, dubbed s1ngularity after the names of the repositories opened for the breach, went beyond a typical package compromise. It marks the first known supply chain attack to actively search for installed LLM tools on developer machines in order to extract more secrets from the victim.
By abusing AI developer tools, the attackers exfiltrated the harvested secrets from the infected assets to public repositories on GitHub, exposing them to anyone with access. This is especially alarming given past research by the Orca Research Pod, which found that exposed secrets on GitHub are often discovered by attackers in under 2 minutes, highlighting the severe risk for affected organizations.
The incident serves as a stark reminder of how quickly software supply chain threats evolve and why defenders must broaden their focus from runtime workloads to the full developer pipeline.
What happened: the technical breakdown
The attackers injected a malicious post-install script into multiple Nx package versions, including:
- nx: 20.9.0–20.12.0, 21.5.0–21.8.0
- @nx/devkit, @nx/enterprise-cloud, @nx/js, @nx/key, @nx/node, @nx/workspace across overlapping versions
Once installed, the script:
- Enumerated developer environments and harvested secrets.
- Targeted Linux and macOS endpoints, including VS Code extensions and CI/CD pipelines.
- Leveraged AI tools with weak security defaults, using flags like --dangerously-skip-permissions, --yolo, and --trust-all-tools to bypass protections.
- Double- and triple-base64 encoded the data before exfiltration.
- Created public GitHub repositories with names like s1ngularity-repository to upload stolen files.
Artifacts observed included:
- A file named /tmp/inventory.txt containing sensitive data.
- Modifications to ~/.bashrc and ~/.zshrc to persist malicious commands.
- A telemetry.js file embedded into post-install logic.
By the time GitHub disabled the attacker-controlled repos at 9 AM UTC on August 27, thousands of secrets had likely already been exposed.
Why it matters: beyond npm and Nx
While the direct impact was on Nx users, the broader implications are critical:
- AI as an attack surface: This is one of the first observed attacks that deliberately abused AI command-line tooling. It signals a growing trend: AI assistants and developer agents, if misconfigured, can become powerful exfiltration vectors.
- CI/CD and cloud exposure: Compromised developer machines are often entry points into production cloud workloads. Stolen tokens or SSH keys can quickly translate into full control of cloud assets.
- The expanding supply chain threat: Similar incidents in the past year—such as the XZ Utils backdoor, typosquatting campaigns on npm, and malicious Python PyPI uploads—show that attackers are increasingly targeting trust relationships within open-source ecosystems.
How to defend against attacks like s1ngularity
Immediate steps for Nx users
- Remove malicious versions and upgrade to the latest safe releases.
- Clear npm cache (npm cache clean --force).
- Inspect and clean ~/.bashrc and ~/.zshrc.
- Delete /tmp/inventory.txt if present.
- Rotate all credentials (SSH, GitHub, npm, crypto wallets).
- Audit developer endpoints and CI/CD logs for artifacts.
Long-term lessons for all organizations
- Secure the developer environment: Developers are now a prime target. Treat developer machines and pipelines as production assets with monitoring, detection, and policy enforcement.
- SBOM and dependency tracking: Maintain a full SBOM to rapidly identify when compromised packages enter your environment.
- CI/CD hardening: Ensure pipelines use short-lived credentials and enforce least privilege.
- AI tool security: Apply strict policies to AI assistants, avoid permissive flags, and monitor how they interact with source code and secrets.
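One way to monitor for the permissive AI-tool flags named in this post, as an added example that is not from the post or from Orca: it scans process-launch events and raises severity when the launch descends from an npm lifecycle script, which npm marks by setting npm_lifecycle_event in the script's environment. The event format, the ai-cli binary name, and the sample events are hypothetical and constructed.

```javascript
// Flags the post reports being used to bypass AI tool protections.
const RISKY_FLAGS = ["--dangerously-skip-permissions", "--yolo", "--trust-all-tools"];

// Match whole argv tokens only: "--yolo" or "--yolo=true", not "--yolo-mode-docs".
function riskyFlags(argv) {
  return RISKY_FLAGS.filter((f) =>
    argv.some((a) => a === f || a.startsWith(f + "=")));
}

// events: [{ pid, ppid, argv, env }] in a hypothetical EDR/audit export format.
function detect(events) {
  const byPid = new Map(events.map((e) => [e.pid, e]));
  const alerts = [];
  for (const e of events) {
    const flags = riskyFlags(e.argv);
    if (flags.length === 0) continue;
    // Walk up the parent chain looking for an npm lifecycle script. The
    // "seen" set guards against PID reuse creating a loop in the log data.
    let lifecycle = null;
    const seen = new Set();
    for (let p = e; p && !seen.has(p.pid); p = byPid.get(p.ppid)) {
      seen.add(p.pid);
      if (p.env && p.env.npm_lifecycle_event) {
        lifecycle = p.env.npm_lifecycle_event;
        break;
      }
    }
    alerts.push({ pid: e.pid, flags, lifecycle,
      severity: lifecycle ? "high" : "review" });
  }
  return alerts;
}

// Constructed sample events ("ai-cli" is a placeholder binary name).
const SAMPLE_EVENTS = [
  { pid: 100, ppid: 1, argv: ["npm", "install"], env: {} },
  { pid: 101, ppid: 100, argv: ["node", "telemetry.js"],
    env: { npm_lifecycle_event: "postinstall" } },
  { pid: 102, ppid: 101, argv: ["ai-cli", "--yolo"], env: {} },
  { pid: 200, ppid: 1, argv: ["ai-cli", "--trust-all-tools"], env: {} },
  { pid: 201, ppid: 1, argv: ["ai-cli", "--yolo-mode-docs"], env: {} },
];

console.log(detect(SAMPLE_EVENTS));
```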
How Orca helps
At Orca, we recognize that the software supply chain is the new front line of cloud security. The Orca Cloud Security Platform helps organizations defend against incidents like s1ngularity through:
- SBOM analysis and vulnerability context: Instantly surface where malicious packages have been installed, across workloads and pipelines.
- Exposure detection: Identify if stolen tokens or SSH keys are still active in cloud accounts.
- AI and API Security: Monitor how AI developer tools interact with your environment to ensure they don’t become unintended data exfiltration channels.
- Comprehensive coverage: From developer endpoints to runtime workloads, Orca delivers full-stack visibility and detection without requiring agents.
Closing thoughts
The s1ngularity attack underscores a troubling trend: attackers no longer need to breach production infrastructure directly; they can compromise the open-source tools developers trust every day. As AI increasingly becomes part of the development workflow, the attack surface will only expand.
Organizations must rethink supply chain security as part of their broader cloud defense strategy. With Orca Security, you gain not only visibility into your runtime assets, but also the context to secure your developers, pipelines, and cloud workloads against the evolving supply chain threat landscape.
About the Orca Cloud Security Platform
Orca offers a unified and comprehensive cloud security platform that identifies, prioritizes, and remediates security risks and compliance issues across AWS, Azure, Google Cloud, Oracle Cloud, Alibaba Cloud, and Kubernetes. The Orca Cloud Security Platform leverages Orca’s patented SideScanning™ technology to provide complete coverage and comprehensive risk detection.