GitHub says hackers who accessed about 3,800 internal repositories got in through a malicious version of the Nx Console Visual Studio Code extension, which was compromised during last week’s TanStack npm supply-chain attack.
The incident has been linked to the TeamPCP threat group. The attack reportedly began after several TanStack and Mistral AI npm packages were compromised. From there, the attackers used stolen CI/CD credentials to move into other projects, including UiPath, Guardrails AI, and OpenSearch.
GitHub first disclosed the breach on Tuesday, saying it was investigating claims of unauthorized access to its internal repositories. At the time, the company told BleepingComputer that the incident happened after an employee installed a malicious VS Code extension, but it did not name the extension.
In a blog post published Wednesday evening, GitHub CISO Alexis Wales confirmed that the breach involved a malicious version of Nx Console. Nx Console is the official Visual Studio Code Marketplace extension for Nx, a tool used by developers to manage large repositories and multi-project codebases without relying only on complex terminal commands.
GitHub said it has secured the compromised device and has not found evidence that customer data stored outside the affected repositories was stolen. Wales said the company rotated critical secrets on Monday and Tuesday, giving priority to the most sensitive credentials first. GitHub is still reviewing logs, confirming secret rotation, and monitoring its infrastructure for any further suspicious activity.
Although GitHub has not officially blamed any specific group, TeamPCP claimed on the Breached forum that it had accessed GitHub source code and nearly 4,000 private repositories. The group is reportedly asking for at least $50,000 for the stolen data.
The Nx team said on Monday that it was working with GitHub and Microsoft to investigate the impact of the attack. According to Nx, the malicious Nx Console version 18.95.0 was available on the Visual Studio Marketplace for around 18 minutes and on OpenVSX for another 36 minutes.
The poisoned extension was designed to steal credentials and secrets from several platforms, including npm, AWS, Kubernetes, GitHub, GCP, and Docker. Nx said one of its developers was compromised through the TanStack supply-chain attack, which leaked GitHub credentials through the GitHub CLI. Those credentials then allowed the attacker to run workflows on the Nx GitHub repository as a contributor.
Microsoft and OpenVSX reported low download numbers for the malicious version, with 28 downloads from the Visual Studio Marketplace and 41 from OpenVSX. However, Nx said its analytics later showed about 6,000 extension activations from VS Code and none from other editors, including VS Code forks such as Cursor.
The incident once again highlights the growing risk of malicious developer tools and software supply-chain attacks. In recent years, several harmful VS Code extensions have appeared on official marketplaces, including extensions used to steal credentials, mine cryptocurrency, and even test ransomware-like behavior.
GitHub remains one of the world’s most widely used developer platforms, serving more than 4 million organizations, including most Fortune 100 companies, and over 180 million developers working across more than 420 million repositories.





