Vulnerable Claude code in GitHub action led to stolen NPM keys
Seems like a ton (over 1k) of people were affected because of an auto updating VS Code extension. Check your bashrc/zshrc and GitHub account if you use nx
https://github.com/nrwl/nx/security/advisories/GHSA-cxm3-wv7p-598cOpen linkView original on lemmy.world