What Happened
Attackers compromised the Nx Console VS Code extension and published a malicious version to the Visual Studio Marketplace. This version exfiltrated authentication tokens from developers who installed or updated it, allowing attackers to access 3,800 internal GitHub repositories. The malicious extension was available for about 18 minutes before it was detected and removed.
GitHub has linked this breach to TeamPCP, the group behind the TanStack npm supply-chain attack, indicating a coordinated campaign targeting developer tools in the JavaScript ecosystem.
Timeline
T+0: Attackers publish compromised Nx Console extension to Visual Studio Marketplace.
T+18 minutes: Malicious extension removed from marketplace.
T+[unknown]: GitHub detects unauthorized repository access using stolen tokens.
T+[current]: GitHub is rotating compromised secrets and investigating the full scope.
The 18-minute window was critical. Any developer who installed or updated Nx Console during this time may have had their credentials stolen. The breach was discovered only after unauthorized access to repositories occurred.
Which Controls Failed or Were Missing
Extension vetting and signing: The Visual Studio Marketplace published a compromised extension. No cryptographic verification prevented the malicious update from replacing the trusted version.
Token scope limitation: The stolen credentials accessed 3,800 repositories, suggesting overly permissive Personal Access Tokens (PATs) or OAuth tokens without proper scope restrictions.
Anomalous access detection: The breach was undetected until repository access occurred. No alerts were triggered on credential usage from unexpected locations or devices.
Secret rotation cadence: Long-lived tokens allowed persistent access after the compromise. Without automatic expiration, stolen credentials remained valid indefinitely.
Build environment isolation: Developer workstations with direct repository access created a single point of failure. There was no network segmentation or privileged access management to separate development environments from production code repositories.
What the Standards Require
PCI DSS v4.0.1 Requirement 8.3.2 mandates multi-factor authentication for all access to sensitive environments. While GitHub repositories may not store payment data, the principle applies: any system accessed via compromised credentials should require MFA.
NIST 800-53 Rev 5 Control AC-2(12) requires monitoring for atypical account usage, such as location changes or bulk operations that deviate from established baselines.
ISO/IEC 27001:2022 Control 5.17 addresses authentication information management. Organizations must enforce time-limited credentials, restrict token scope, and implement automated rotation.
NIST CSF v2.0 PR.AC-7 requires organizations to protect, manage, and refresh authentication credentials, including detecting when credentials may be compromised.
The SOC 2 Type II CC6.1 control point requires logical access controls that restrict access to information assets. Allowing a single compromised token to access thousands of repositories shows inadequate access segmentation.
Lessons and Action Items for Your Team
Implement extension allow-listing. Don't rely on marketplace vetting. Maintain an approved extension list, verify publisher signatures, and block automatic updates. Use VS Code's extensions.autoCheckUpdates: false and deploy extensions through your internal repository.
Enforce token expiration. Set maximum lifetimes on all PATs and OAuth tokens. GitHub allows a 90-day maximum for PATs; consider 30 days for high-privilege tokens. Configure automated rotation before expiration.
Scope tokens to minimum necessary. A developer writing frontend code doesn't need read access to infrastructure repositories. Use GitHub's fine-grained PATs to limit token scope by repository, permission type, and operation. Audit existing tokens and revoke those with repo (full repository access) scope.
Deploy anomaly detection. Monitor authentication logs for:
- Geographic impossibility (e.g., New York login followed by Mumbai access 10 minutes later)
- Bulk operations (e.g., cloning 100+ repositories in one session)
- Access to repositories outside normal working patterns
- API rate limit anomalies
GitHub Enterprise provides audit log streaming. Send these logs to your SIEM and create alerts for the patterns above.
Separate development and production access. Developers should not use the same credentials for local development and CI/CD pipeline access. Implement:
- Short-lived tokens for local development (1-7 days)
- Service accounts with restricted scope for CI/CD
- Network segmentation preventing direct developer workstation access to production repositories
Require MFA for repository access. GitHub supports FIDO2 hardware keys. Mandate these for any account with write access to repositories containing production code. Token theft becomes useless without the second factor.
Audit your supply chain. List every tool in your development environment that has repository access: IDEs, extensions, CLI tools, CI/CD runners. For each, document:
- What credentials it uses
- What scope those credentials have
- How you verify the tool's integrity
- When you last reviewed the tool's permissions
Test your detection. Simulate this attack: create a test repository, generate a token, and attempt to access it from an unexpected location or in an unusual pattern. Verify your monitoring triggers alerts. If it doesn't, you won't detect the real thing.
The Nx Console breach succeeded because multiple controls failed simultaneously. Your defense requires layered controls where no single failure creates a complete breach. Start with token scoping and MFA—these prevent the initial foothold. Add monitoring to detect breaches in progress. The 18-minute window was enough. Your detection window needs to be shorter.
