Vulnerable Claude code in GitHub action led to stolen NPM keys - Lemmy.World

Seems like a ton (over 1k) of people were affected because of an auto updating VS Code extension. Check your bashrc/zshrc and GitHub account if you use nx