companion allegedly hacked as reported by FrozenPandaz: Malicious versions of Nx and some supporting plugins were published.
Summary
Malicious versions of the nx package, as well as some supporting plugin packages, were published to npm, containing code that scans the file system, collects credentials, and posts them to GitHub as a repo under user's accounts.