GitHub Traces 3,800-Repo Breach to Poisoned VS Code Extension

A malicious Nx Console VS Code extension gave hackers access to thousands of GitHub's internal repositories.

GitHub has connected the dots on a nasty supply-chain attack. The company says hackers who breached 3,800 of its internal repositories got in through a compromised version of the Nx Console extension for VS Code.

The attack chain is gnarly. Threat actors planted malicious code in the popular Nx Console extension, then leveraged that foothold to hit GitHub's internal infrastructure. The breach ties directly to the broader TanStack npm supply-chain attack that sent ripples through the developer ecosystem.

Supply-chain attacks targeting developer tools keep escalating. VS Code extensions, npm packages, and other links in the software pipeline are prime targets — they sit in trusted positions with broad access. Poisoning one widely-used tool can cascade across thousands of projects and organizations.

GitHub confirmed the scope at 3,800 repositories. The company is still working through the full impact of the compromise.