
The recently published NPM version (21.7.0) contains malware? #32523

@TimShilov

Description

Current Behavior

I just saw an automated update PR created by Renovate in one of my repos containing an update of nx to version 21.7.0.

The latest version on NPM is indeed 21.7.0, and it was published ~11 minutes ago.
However, this version isn't present in the GitHub releases.


Looking at the diff, it seems like it contains some kind of malware that gathers information about the system, checks for available CLIs and makes some GitHub requests? 😕


Expected Behavior

I expect this to be un-published.

GitHub Repo

No response

Steps to Reproduce

Just check the latest version on NPM.

Nx Report

Not relevant.

Failure Logs

Package Manager Version

No response

Operating System

  • macOS
  • Linux
  • Windows
  • Other (Please specify)

Additional Information

No response
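The discrepancy the report hinges on (a version that exists on the npm registry but has no matching GitHub release, and was published only minutes before an automated update PR picked it up) is easy to check mechanically before merging. The following is an added example, not code from the nx project or from the issue author: it takes the `time` field of an npm registry document (version → publish timestamp) and a list of GitHub release tag names, both constructed here as sample data rather than fetched, and flags npm versions with no release tag or with too little age. All function names, the sample versions and timestamps, and the 60-minute threshold are assumptions for illustration.

```javascript
// Constructed sample of the npm registry "time" field for a package.
// The registry also puts "created" and "modified" in this object, which are
// not versions and must be skipped.
const sampleNpmTimes = {
  created: "2020-01-01T00:00:00.000Z",
  modified: "2025-08-26T22:32:00.000Z",
  "21.6.3": "2025-08-12T09:00:00.000Z",
  "21.6.4": "2025-08-20T10:00:00.000Z",
  "21.6.5": "2025-08-26T22:40:00.000Z", // released on GitHub but very fresh
  "21.7.0": "2025-08-26T22:32:00.000Z", // on npm, no GitHub release
};

// Constructed sample of GitHub release tag names; some projects prefix tags
// with "v", so tags are normalized before comparison.
const sampleReleaseTags = ["v21.6.3", "21.6.4", "v21.6.5"];

// Fixed "now" for the sample so the output is deterministic:
// 11 minutes after 21.7.0 was published.
const SAMPLE_NOW = new Date("2025-08-26T22:43:00.000Z");

// Strip an optional leading "v" so "v1.2.3" and "1.2.3" compare equal.
function normalizeTag(tag) {
  return tag.replace(/^v/, "");
}

// Turn the registry "time" object into [{ version, publishedAt }] entries,
// dropping the non-version bookkeeping keys.
function parseNpmVersions(timeField) {
  return Object.entries(timeField)
    .filter(([key]) => key !== "created" && key !== "modified")
    .map(([version, publishedAt]) => ({ version, publishedAt: new Date(publishedAt) }));
}

// Every npm version that has no matching GitHub release tag, annotated with
// how old it is and whether it falls inside the "fresh" window.
function findUnreleasedVersions(timeField, releaseTags, { now = new Date(), freshWindowMinutes = 60 } = {}) {
  const released = new Set(releaseTags.map(normalizeTag));
  return parseNpmVersions(timeField)
    .filter((v) => !released.has(v.version))
    .map((v) => {
      const ageMinutes = Math.round((now - v.publishedAt) / 60000);
      return {
        version: v.version,
        publishedAt: v.publishedAt.toISOString(),
        minutesAgo: ageMinutes,
        recentlyPublished: ageMinutes <= freshWindowMinutes,
      };
    });
}

// Gate for a single proposed upgrade (e.g. the version in a Renovate PR).
// Returns a human-readable reason to block the update, or null if it passes
// both checks: a GitHub release must exist and the version must be at least
// minimumAgeMinutes old.
function updateBlockReason(targetVersion, timeField, releaseTags, { now = new Date(), minimumAgeMinutes = 60 } = {}) {
  const publishedAt = timeField[targetVersion];
  if (publishedAt === undefined) {
    return `version ${targetVersion} is not in the registry metadata`;
  }
  const released = new Set(releaseTags.map(normalizeTag));
  if (!released.has(targetVersion)) {
    return `no GitHub release tag for ${targetVersion}`;
  }
  const ageMinutes = Math.round((now - new Date(publishedAt)) / 60000);
  if (ageMinutes < minimumAgeMinutes) {
    return `published ${ageMinutes} minutes ago, under the ${minimumAgeMinutes}-minute minimum age`;
  }
  return null;
}

// Run the checks over the constructed sample.
console.log(JSON.stringify(findUnreleasedVersions(sampleNpmTimes, sampleReleaseTags, { now: SAMPLE_NOW }), null, 2));
for (const candidate of ["21.6.4", "21.6.5", "21.7.0"]) {
  console.log(candidate, "=>", updateBlockReason(candidate, sampleNpmTimes, sampleReleaseTags, { now: SAMPLE_NOW }) ?? "ok");
}
```

In practice the two inputs come from `https://registry.npmjs.org/<package>` (the `time` field) and the GitHub releases API for the repository; the example keeps them inline so it runs offline. A missing release is a signal, not proof (some projects publish to npm without cutting a GitHub release), which is why the second check also enforces a minimum package age; Renovate's own `minimumReleaseAge` setting applies the same idea at the bot level and would have delayed the PR described in the report.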
