Nx

Nx v22.7 is out!! 🚨 📦 Task Sandboxing 📐 more fine-grained cache control ⚡ 7x more memory efficient & 90% faster 🤖 Agentic Nx Import ..and a lot more Check out @juristr's blog post & video below

GitHub’s report today confirms that the compromised Nx Console extension was used as the initial access vector in this attack. This is a difficult thing to read as the CEO of Nx, and I want to be direct about it: we take responsibility for the role our software played in this incident. I’m grateful to the GitHub, Microsoft, and independent security teams that moved quickly to investigate, contain, and share information publicly. This incident highlights that there need to be deeper, more fundamental changes to how we and other maintainers need to think about securing developer tooling and open source distribution. We are already making major changes to our publishing, automation, and extension security posture, and we’ll continue sharing those changes publicly as we implement them. We’re also beginning conversations with other high-profile open source maintainers about how we can work together on some of the deeper structural problems around software supply chain security. A lot of the assumptions the ecosystem has operated under for years no longer hold. Our focus right now is supporting affected users, hardening Nx, and helping push the broader ecosystem toward stronger supply chain security practices. Updates and guidance: github.com/nrwl/nx-consol…

We’re continuing to work with Microsoft and GitHub to investigate the impact of the malicious Nx Console version 18.95.0. I'll share any updates on X (@jeffbcross and @NxDevTools) as well as in our security advisory: github.com/nrwl/nx-consol…. Initially, Microsoft indicated to us that there were 28 installs of the malicious version 18.95.0. Based on our own analytics for the compromised version, we currently believe the number of users who received the malicious package may be significantly higher; potentially over 6k installs. We’ll keep working to determine the actual impact and exposure, and I don’t want to speculate beyond the facts we have right now. But I also don’t want to minimize the situation. This is my top priority right now. Our team has been, and continues to be focused on understanding exactly what happened, helping affected users, hardening our systems and release processes, and being as transparent as possible throughout the investigation.

SECURITY ADVISORY: A malicious version of Nx Console v18.95.0 was published today at 2:36 PM CEST and was available for 11 minutes, until 2:47 PM CEST, when we patched the issue. Nx Console v18.100.0 is the latest safe version to use. More info: github.com/nrwl/nx-consol…

Here's the link to the full article nx.dev/blog/shift-lef…

The build phase is cheap now. Building poorly at speed isn't. @JVAsays from our team on why "shift left" stopped working, and what actually shifting left looks like when agents are writing 1200 lines in 40 minutes. (link below)

#AI is accelerating parts of software delivery, but many teams are discovering that speed alone doesn’t solve the harder coordination problems around shipping quality software. As implementation gets faster, pressure starts shifting toward review processes, testing, validation, prioritization, and cross-functional alignment. A lot of engineering leaders are now reevaluating how their organizations actually operate end to end. That was a major theme during the last Leadership Exchange with leaders from @NxDevTools, @Visa, @OpenAP, and @ThisDotLabs, and we’re continuing the conversation on June 12 in Atlanta. If you’re leading engineering teams through AI adoption and trying to separate real operational improvements from surface-level velocity gains, this is a valuable group to be in the room with. Learn more: thisdot.co/blog/building-… For an invite, send a message or reach out at tlee@thisdot.co

🚨 New webinar alert! On May 13th, Juri Strumpflohner will break down what it actually takes to build an autonomous software factory — the architecture, the feedback loops, and where agents still fall short. Save your spot today! Link in the thread 👇

Here's the full blog post and included video nx.dev/blog/agentic-n…

Ever needed to merge a repo into your main monorepo? It's not always trivial, right? A year ago, we created the "nx import" CLI command, but it can only account for so many edge cases. That changes when you combine it with an AI agent. @juristr gives you a walkthrough.

Or just lean back and enjoy the main highlights: youtu.be/1WBToDwdbGc

Here's the full blog post with all details (including YT video) nx.dev/blog/nx-22-7-r…

Nx v22.7 is out!! 🚨 📦 Task Sandboxing 📐 more fine-grained cache control ⚡ 7x more memory efficient & 90% faster 🤖 Agentic Nx Import ..and a lot more Check out @juristr's blog post & video below

Read more in our latest blog post nx.dev/blog/self-heal…

Self-Healing CI is all about helping you waste less time debugging broken PRs. So the more we can trust to auto-apply, the better. That’s why we now analyze tasks and suggest the ones that can confidently be auto-applied. Read more in our blog post below.

Moved my personal website/blog to @Cloudflare + made it Agent-Native (while prepping lunch for kids...) These things are so easy nowadays... (also wrote a quick article about how I deploy to Cloudflare from a monorepo because these questions keep coming up; link below)

What does it actually look like to build software with AI right now? At the last Leadership Exchange, engineering leaders from @NxDevTools, @Visa, OpenAP, and @ThisDotLabs got into what’s actually changing across the SDLC, how CI and reviews are evolving, and how teams are starting to structure context and integrate agents into day-to-day work. We’re continuing that conversation on June 12. If you’re leading a team and trying to move past surface-level AI adoption, this is the room where those conversations are happening. 📍 Chamblee, GA 📅 June 12, 12PM–3PM Message for an invite or reach out to @ladyleet at tlee@thisdot.co.

Let's talk about Agent Factories

Monorepos waren nur ein Google-Hype? Vielleicht nicht. Mit @MaxKless von @NxDevTools sprechen wir über Monorepo vs. Polyrepo, Tooling, CI, Ownership und warum AI das Thema gerade wieder pusht. Zum Podcast 🎧 engineeringkiosk.dev/episodes/263

Some more "down to earth non-AI" type of content 😜. (although you can point ur agent to it for implementing it) Did you know you can just export styles in an npm/pnpm workspace monorepo? Here's how to leverage that with @NxDevTools + @tailwindcss (link below)