A breach of 3,800 internal GitHub repositories has been linked to a malicious version of the Nx Console VS Code extension, which was compromised in the recent TanStack npm supply-chain attack [1]. The attackers gained access to the repositories through this tainted extension. The TanStack npm supply-chain attack, which occurred last week, involved the compromise of multiple npm packages, including those developed by TanStack. The incident demonstrates how attackers can leverage compromised dependencies to gain access to sensitive systems and data, and how malicious extensions, such as the compromised Nx Console VS Code extension, can have significant consequences, including unauthorized access to sensitive repositories. For practitioners, the breach underscores the importance of carefully vetting dependencies and extensions to prevent similar supply-chain attacks.