@juristr
Last active August 31, 2025 10:17
Steps to take to verify whether you're affected by s1ngularity

Useful information:

Step 1: Verify whether you have been affected

Go to your GitHub account and check the security log for suspicious repositories being created: https://github.com/settings/security-log?q=action%3Arepo.create

If you find suspicious repositories, make them private or delete them, then immediately rotate your GitHub tokens.

You can also check on your local system:

  • Check whether a file like /tmp/inventory.txt exists. It may already have been deleted; if it is still there, copy it, as it might contain valuable information.
  • Check your ~/.bashrc or ~/.zshrc for the presence of sudo shutdown -h 0, e.g. by running cat ~/.zshrc.
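
The two local checks listed above, combined into one shell function. This is an added example, not part of the original gist or the Nx project; the function name `check_local_indicators` and the evidence folder `s1ngularity-evidence` are hypothetical choices made here.

```bash
# Added example: checks for the two local indicators named in this gist.
# Usage: check_local_indicators [HOME_DIR] [TMP_DIR] [EVIDENCE_DIR]
# Defaults to $HOME and /tmp. Returns 0 if nothing was found, 1 otherwise.
check_local_indicators() (
  home_dir="${1:-$HOME}"
  tmp_dir="${2:-/tmp}"
  # Hypothetical location for the preserved copy; pick any safe folder.
  evidence_dir="${3:-$home_dir/s1ngularity-evidence}"
  found=0

  # Indicator 1: the inventory file. Copy it (keeping timestamps) before
  # any cleanup, since it may list what was collected from this machine.
  if [ -f "$tmp_dir/inventory.txt" ]; then
    mkdir -p "$evidence_dir"
    cp -p "$tmp_dir/inventory.txt" "$evidence_dir/"
    echo "FOUND: $tmp_dir/inventory.txt (copy saved in $evidence_dir)"
    found=1
  fi

  # Indicator 2: a shutdown command in the shell startup files.
  # grep prints file:line:content for each match.
  for rc in "$home_dir/.bashrc" "$home_dir/.zshrc"; do
    [ -f "$rc" ] || continue
    if grep -HnF 'sudo shutdown -h 0' "$rc"; then
      found=1
    fi
  done

  if [ "$found" -eq 0 ]; then
    echo "No local indicators found"
  fi
  return "$found"
)
```

Call `check_local_indicators` with no arguments to check the current user. A clean result only means these two artifacts are absent, so still review the GitHub security log from Step 1.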

Step 2: Actions to take

Rotate GitHub tokens and revoke permissions

Log in to your GitHub account:

Check other 3rd party services that might have been exposed as a result of exposing GitHub repositories.

Cleanup cache

yarn cache clean --all
pnpm store prune --force
npm cache clean --force

Remove the following folders:

  • Windows: %LocalAppData%/npm-cache/_npx
  • Unix: ~/.npm/_npx

Also run the following commands to reveal where yarn and pnpm store their artifacts.

yarn cache dir
pnpm store path

Then delete those folders.

Refresh Nx installs

If you're using one of the affected versions, make sure you install the latest version.

Details: https://github.com/nrwl/nx/security/advisories/GHSA-cxm3-wv7p-598c

Internal Registries

If you have internal mirrors for npm, make sure their cache is purged and refreshed.
