Skip to main content
Emerging ThreatsSupply Chain Attacks

GitHub Breach Exposes 3,800 Repos to TanStack Supply-Chain Attack

Blurred developer workstation with laptop, smartphone, and tablet nearby.

3,800 internal repositories were accessed after a developer installed a malicious Visual Studio Code extension, GitHub says.

Malicious Nx Console extension provided the initial foothold

GitHub's investigation points to a poisoned version of the official Nx Console extension for Visual Studio Code — version 18.95.0 — as the vector used to steal credentials from a compromised developer machine. The Nx Console release was available on the Visual Studio Marketplace for approximately 18 minutes and on OpenVSX for another 36 minutes before being removed, the Nx team said. According to the Nx developers and marketplace telemetry, initial download counts for the impacted 18.95.0 version were low (28 on Microsoft's Marketplace and 41 on OpenVSX), but two days after the incident their analytics recorded roughly 6,000 extension activations from VS Code and zero activations from other editors and forks.

The poisoned extension deployed a payload designed to exfiltrate credentials and secrets for multiple platforms, explicitly including npm, AWS, Kubernetes, GitHub, and GCP/Docker, according to public statements from the Nx project and GitHub commentary contained in reporting.

Scope of access and public claims: 3,800 repos and a forum demand

GitHub disclosed that the attackers gained access to about 3,800 internal repositories. Separately, the cybercrime group known as TeamPCP posted on the Breached forum claiming access to GitHub source code and “~4,000 repos of private code,” and demanding at least $50,000 for the stolen data.

At the same time, reporting notes differing framings: some coverage links the campaign to TeamPCP, while GitHub has said it has not formally attributed the attack to a specific hacking group. The public claims by TeamPCP and the company's internal figure for affected repositories are both part of the record cited in the incident reporting.

Lateral movement: from TanStack packages to stolen CI/CD credentials

The chain of compromise began, according to the reporting, with a broader supply-chain incident affecting multiple npm packages tied to TanStack and Mistral AI. Those initial compromises allowed the attacker to obtain credentials that were then used to expand access to other projects. The incident quickly extended to additional projects referenced in reporting, including UiPath, Guardrails AI, and OpenSearch, with stolen CI/CD credentials enabling workflow execution under legitimate contributor identities.

The Nx team described a specific mechanism: “One of our developers was compromised by a recent supply-chain compromise on Tanstack, which leaked their GitHub credentials through the GitHub CLI (gh). This allowed the attacker to run workflows on our GitHub repository as a contributor.” That description ties the poisoned extension and the upstream npm supply-chain compromise into a coordinated exploitation of developer tooling and automated workflows.

GitHub and Nx response: secrets rotated, device secured, ongoing analysis

GitHub CISO Alexis Wales said the company secured the compromised device and reported no evidence that customer data stored outside the affected repositories had been exfiltrated. Wales detailed remediation steps in a blog post and in public comments: “We rotated critical secrets Monday and into Tuesday with the highest-impact credentials prioritized first,” she wrote. “We continue to analyze logs, validate secret rotation, and monitor our infrastructure for any follow-on activity. We will take additional action as the investigation warrants.”

The Nx developers said they are jointly investigating the impact with GitHub and Microsoft. Their public update reiterated the toolchain link: the malicious release was available briefly on marketplaces and succeeded in leaking credentials from at least one developer environment.

What this means for technologists, open-source maintainers, and enterprises

  • Technologists and security teams: The incident underscores how a single compromised developer endpoint or extension can translate into broad repository access. The public timeline shows rapid lateral movement via CI/CD and workflow credentials, and the remediation steps cited by GitHub — rotating high-impact secrets and validating rotations — are the immediate defensive actions documented in this case.
  • Open-source maintainers and package authors: A brief marketplace window for a poisoned release (18 minutes on Visual Studio Marketplace; another 36 on OpenVSX) can still yield thousands of activations and enable credential theft. Maintainership teams should watch for unexpected workflow executions tied to contributor identities — the Nx team reported attackers were able to run workflows as a contributor after credentials leaked via gh.
  • Affected enterprises and procurement leaders: The incident highlights supply-chain exposure through both packages and development tooling. GitHub’s scale — cited in reporting as supporting over 4 million organizations and 180 million developers across more than 420 million repositories — means enterprises with code on the platform need to validate secret hygiene and workflow protections as part of procurement and vendor-risk assessments.

The public record of this incident combines marketplace telemetry, vendor remediation statements and a public ransom claim. GitHub’s stated actions — device containment, prioritized secret rotation and ongoing log analysis — establish the immediate response; the broader questions include whether the data claimed by the Breached-forum post will surface and what follow-on activity, if any, the company’s monitoring will detect.

Source: BleepingComputer